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Reliability Models for Dataflow Computer Systems 


The demands for concurrent operation within a computer system 
and the representation of parallelism in programming languages 
have yielded a new fcrm of program representation known as 
dataflow ( [DENN 74], [DENN 75], [TREL 82a]) . Execution of dataflow 
programs is data driven; that is, each instructicn is enabled for 
execution just when each required operand has been supplied by the 
completion of predecessor instructions. 

Dataflow systems have received considerable attention during 
the past several years. There is a growing agreement, particularly 
in Japan ([TREL 82a], [TREL 82b]), that the next generation 
computers should be based on non-von Neumann architecture such as 
dataflow, as these architectures can be designed to deliver 
billions of operations per second. 

However, the investigators of this research are not aware of 
any work in estimating either the performance or the reliability 
of this new structure. Because of the complexity of dataflow 
systems, the presence of multiple processing units and 
communication circuits, the reliability, performance of the 
interconnection structures and scheduling schemes xn such 
architectures could become a significant issue. 

In this research project we proposed to study the reliability 
of dataflow computer systems. We proposed to use the dataflow 
graph as a model to represent asynchronous concurrent computer 
architectures including dataflow computers. If methods for 


analyzing the reliability of a dataflow graph were available, data 
driven computers can be modeled as dataflow graphs and their 
reliability can be analyzed. 

In order to achieve this goal several intermediate projects 
were completed. 

1. law. gXflph_mQfl£l^ : Much of the research in 
dataflow processing has dealt with defining the functionality, 
designing instruction level architecture or specifying programming 
languages. This has not made urgent the formalization of the 
dataflow itself. Formalization is necessary in relating aataflow 
to other computational models, discovering properties of specific 
instances of dataflow graphs and in performance and reliability 
analyses. We presented a formal definition of dataflow graph 
models and derived conditions for deadlock freeness in dataflow 
graphs. Appendix 1 contains the details of this work. 

2. Developm ent of a Dataflo w Simulaiox: Concurrent with the 

formalization, we designed and developed a dataflow simulator, 
DFDLS . This simulator can be used to model computer systems such 
as MIT dataflow processor and UC-Irvine dataflow computer and 
study the functionality of the simulated systems. DFDLS is written 
in Pascal on VAX (VMS) . Appendix 2 contains a detailed description 
of the simulator. 

3. l&pmrphisros between Petri Nets a n d Dat afl ow Graphs : Petri nets 
have been used to represent asynchronous concurrent computations 
and Petri net analysis techniques are readily available in 
literature. Dataflow graph models are superior to Petri nets in 


their representational power. We felt that if dataflow graphs can 
be translated in Petri nets, analysis techniques available tor 
Petri nets can be used with dataflow graphs, thus combining the 
representational ease of dataflow models with the analysis power 
of Petri nets. We developed isomorphic transformations between the 
two models. We demonstrated that it is possible to decompose Petri 
nets into smaller components and determine aspects of the overall 
behavior from the behavior of components. Appendix 3 contains the 
details of this work. 

Once these projects were completed we set out to develop 
reliability models for dataflow graphs. Both Markov chain 
techniques and path enumeration methods can be used to study the 
reliability of a dataflow graph model. We also developed 
techniques for reducing large graphs into smaller manageable size 
graphs. The details of these results are given in Appendix 4. 

We feel that this research is significant in that, dataflow 
graphs can be used as generalized models of computation analogous 
to Turing machines and Petri nets; Petri net analysis techniques 
can be carried over dataflow models; the reliability of data 
driven computer systems can be analyzed using dataflow graph 


models . 
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ABSTRACT 


In this paper a new model for parallel computations and parallel 
computer systems, that is based on dataflow principles is 
presented. Mathematical formulations of uninterpreted dataflow 
graph models are defined. Necessary and sufficient conditions for 
liveness and deadlock-f reeness in dataflow graphs are derived. 

Keywords : Dataflow graphs. Parallel computations, Deadlocks, 
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I. INTRODUCTION 

The demands for increasing computation speeds have generated 
considerable interest in parallel computations, concurrent 
operations within a computer system, models for representing 
parallelism in algorithms and new programming languages for such 
parallel computers [KARP 66, MILL 73], In addition to the design 
of parallel machines and programming aspects of parallelism, there 
has been considerable work done in formulating appropriate 
theoretical models and methods of analysis under which inherent 
properties of parallelism can be precisely defined and studied 
more from the end of tne algorithm, or problem, rather than the 
particular machine implementation. Generally, the theoretical 
work in parallelism can be divided into two categories; 1) the 
study of the computational aspects of algorithms (both arithmetic 
and control aspects) devised to make use of the parallelism 
existing in parallel systems; or 2) the study of the performance 
limits and reliability aspect of parallel computers. 

There are a number of quite different theoretical models 
proposed for representing the computational aspects of parallel 
processes, among which Petri net models enjoyed continued interest 
over the past decade. For a comparative study of models of 
parallel computation, the reader is referred to [MILL 73]. 

Performance and reliability evaluations of computer systems, 
including those with multiple processing elements and high-level 
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of redundancy, are generally based on probabilistic models and 
their analysis. The techniques used in this approach involve the 
identification of underlying stochastic processes and the 
determination of their properties. General review of various 
aspects of these analysis techniques can be found in [KLEI 76, 
TRIV 78] . 

Petri net models of parallel and asynchronous systems have 
been extended to include stochastic aspects [MOLL 81, MOLL 82, 
MARS 83, GEIS 83]. Molloy established an isomorphism between 
stochastic Petri nets and homogeneous Markov processes, thus 
making it possible to apply available techniques in the analysis 
of Markov processes for tne analysis of stochastic Petri net 
models. 

In recent years, two new forms of program representations 
known as dataflow and reduction languages are attracting attention 
among researchers in US\, UK, France, Japan and other countries. 
The literature is abundant with proposals for new computer systems 
based on dataflow and reduction (demand driven) principles (for 
example [DENN 74, DENN 75, DENN 80]), programming languages (for 
example, [ACRE 79, ACRE 82, ARVI 78]), distributed computing based 
on dataflow [MEAS 82], simulation and modeling using dataflow 
graphs [RAVI 83, SRIN 83, GAUD 84]. 

In this paper *e propose a different model for parallel 
computations that is based on dataflow principles. At UCLA, 
Karplus and Ercegovac are studying the use of dataflow concepts 
for high speed digital simulation [GAUD 84] . Srini used extended 
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dataflow qraphs for analyzing the architecture of highly 
concurrent computer systems [SRIN 83]. At UTA, we have developed a 
dataflow simulator ( DFDLS [KAVI 83]) that can be used to model 
computer systems (both hardware and software) . The simulator 
allows hierarchical (or variable resolution [GAUD 84]) and modular 
refinement of nodes in dataflow graphs; that is, a node can be a 
primitive dataflow operator or a dataflow subgraph. Modules 
written in other languages such as Pascal can be used to represent 
nodes. 

Much of the research in dataflow processing has dealt with 
defining the functionality, designing instruction level 
architecture, or specifying programming methodologies. This has 
not made urgent the formalization of the dataflow model itself. 
Formalization is necessary, however, in relating dataflow to other 
computation models, discovering properties of specific instances 
of dataflow graphs (e.g., absence of deadlock), and in performance 
evaluations. Formalization also makes possible the utilization of 
dataflow graphs as abstract models of computation analogous to 
Turing machines and Petri nets. It is from this motivation that 
the present work stems. A formal set-relationship definition of a 
specific kind of dataflow graph (an uninterpreted dataflow graph) 
is presented. An illustration of its use in describing properties 
is given in the form of a liveness theorem. We anticipate further 
studies that illustrate its utility as a computation model and in 
performance analysis. 


4 


In the remainder of this paper, we introduce dataflow graphs 
and how they can be used to model computer systems including 
parallel processors and even dataflow machines themselves. A 
dataflow formalism will be introiuced for representing dataflow 
graphs. The similarity between Petri nets (particulary , free 
choice nets) and our dataflow graph models should be noted. We 
will also introduce stochastic aspects into our models such that 
performance and reliability of dataflow graph models of computer 
systems can be analyzed. 
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II. THE DATAFLOW CONCEPT 

A dataflow graph is a bipartite directed graph where the two 
types of nodes are called links and actors. Actors describe 
operations while links receive data from a single actor and 
transmit values to one or more actors by way of arcs. In its basic 
form, nodes (actors and links) are enabled for execution when all 
input arcs contain tokens and no output arcs contain tokens. An 
enabled node consumes values on input arcs and produces results on 
output arcs. Arcs can be control ol data arcs. In the case of 
control arcs, the tokens are of the type Boolean (true or false); 
for data arcs, the tokens can of the type integer, real or 
character. Control tokens are introduced to indicate the presence 
of sequence control; certain actors are enabled only when the 
right control values appear on the control input arcs. For a 
complete description of dataflow concepts, the reader is referred 
to [TREL 82] . 

The dataflow model of computation is neither based on memory 
structures that require inherent state transitions nor depend on 
history sensitivity. Thus it eliminates some of the inherent von 
Neumann pitfalls described by Backus [BACK 78]. However, abstract 
dataflow models, data driven systems and languages based on such 
systems must encompass sufficiently powerful and general 
mechanisms to make expression of complex algorithm constructs 
concise and natual to be of full utility. Dataflow systems must be 
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capable of efficiently supporting the functionality commonly found 
\n conventional computer systems if they are to be accepted into 
general use. Support for such features as controlled sharing of 
global data, virtualization and communication between processes 
must be addressed to allow data driven systems to be applied to 
the large class of problems commonly addressed by programmers and 
system designers. In his dissertation, Landry [LAND 81] surveyed 
some of the extensions made to the basic dataflow model to satisfy 
these requirements. 

Firing Semantic Set (FSS) : The basic firing rule adopted by most 
dataflow researchers require that all input arcs contain tokens 
and that no tokens be present on the output arcs. This provides an 
adequate sequencing control mechanism when the nodes in dataflow 
graphs represent primitive operations. However, if the nodes are 
complex procedures, or dataflow subgraphs, a more generalized 
firing control for both input and output arcs is required. Landry 
[LAND 31] discussed a comprehensive firing semantic specification 
for dataflow nodes. The firing semantic set refers to a subset of 
input arcs that must contain tokens to enable the node. Similarly, 
a subset of output arcs are required to be empty. When the node is 
fired, tokens are removed from the input firing semantic set of 
arcs and tokens are placed on the output firing semantic set of 
arcs. For different instances of execution of a node, the firing 
sets may be different, thus introducing nondeterminacv . Our formal 


model of dataflow graphs incorporates this generalized firing 
specification. 

SOME DATAFLOW GRAPH MODELS OF COMPUTER SYSTEMS 


Here we show how dataflow graphs can be used to model computer 
systems. The examples include a simple conventional control unit, 
a f ault-tolerant computer based on von Neumann architecture that 
emphasizes deterministic synchronization among the concurrent 
tasks and the MIT dataflow processor. Only high-level models are 
shown in this paper. However, nodes in the graphs can be expanded 
to represent instruction-set level architecture. 

1. Dataflow Model of SIFT; SIFT is an ultiareliable avionics 
computer built by NASA-Langley Research Center to study the 
possibility of completely automating commercial aircrafts [WENS 
78] . SIFT has chosen to achieve fault tolerance using software. 
The SIFT system consists of several BDX 930 computers built by 
Bendix Corporation. The software consists of tasks classified as 
application tasks and executive tasks. Executive tasks are 
responsible for scheduling tasks on SIFT processors, detecting 
errors, reconfiguring the system, synchronizing the various 
processors (to within 50 microseconds) and input/output from the 
sensors. Examples of application tasks are yaw damper, the pitch 
inner loop and the roll inner loop. 
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For the purpose of maximizing determinism in scheduling, 
computations in SIFT are conducted in regular time segments called 
frames and subframes. At present, the length of a subframe is 3.2 
milliseconds and there are 50 subframes to a frame. Each task runs 
at a regular rate, the fastest running once every frame and otners 
running once every other frame or with even longer period. Tasks 
that run once every frame are scheduled to specific subframes 
while the slower tasks are scheduled during the remaining 
subframes. 

During a subframe, the status of the processor is saved, and 
the values produced by the task are broadcast to other processors. 
The values received from other processors are voted. If an error 
is detected, the processor marks the faulty processor in its error 
table and when the number of errors marked for a processor exceeds 
a threshold, an error is reported. The system is then 
reconfigured. Fig. 1 shows a high level dataflow model of a SIFT 
processor. The nodes in the graphs can be further expanded into 
dataflow subgraphs. Or, the actual code representing the tasks can 
be used to represent the nodes. 

2. Dataflow Model of a Simple Computer System; Baer [BAER 80, p 
71] gave a Petri net model representing the control flow in the 
execution of an instruction in a single accumulator ALU. Fig. 2 
shows a dataflow equivalent of the Petri net given by Baer. The 
nodes in the graph are intentionally named by the events in order 
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to facilitate interpretation. For the sake of clarity, control 
arcs and links are not drawn; their presence can be easily seen at 
the selection (oval shaped) nodes. Funnel shaped actors are 
enabled when one of its input arcs receives a token. Upon firing, 
the funnel passes the token on its input arc on to the output arc. 
Tokens on more than one input arc leads to multiple firings of 
funnel . 

3 . Dataflow Model of a Dataflow Compute i System:, Fig. 3 shows a 

high-level block diagram of MIT dataflow processor [DENN 75]. A 
high level dataflow graph model of MIT system is shewn in Fig. 4. 
Memory unit can produce one or more tokens on its output arcs, 
depending on the number of instructions enabled. The arbitration 
network schedules one instruction packet at a time; this is done 
in order to simplify the dataflow graph. Control and Distribution 
network also receive multiple inputs, but work on one packet at a 
time. The packet routing networks (arbitration, distribution and 
control networks) can be represented as dataflow subgraphs 
detailing how the pakets are routed in the MIT dataflow system. 


Resul t 
Packets 



Instruction 

Packets 


Distribution Arbitration 

Network Network 


Fia. 3. 


MIT Data Flow Processor 
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III. DATAFLOW FORMALISM 

Definition 1: A Dataflow graph is a bipartite graph where the two 
types of nodes are called Actors and Links 

G = < A U L, E > (1) 

Here, A is the set of actors 

L is the set of links 
E is the set of edges 

E = (A x L) U (L x A) (21 

Associated with each actor is a function f that describes the 
action performed by that node. Arcs are labeled by the type of the 
tokens carried by the arcs. 

S is a non-empty set of links called starting set (input links) 



S 

{ 1 e 

L 

(a,l) i E 

v- 

a £ A 

(3) 

T is a 

non-empty 

set 

of 

links called 

terminating aaJt 

( output 

links) 

T 

1 £ 

L 

(Ira) i E 

V- 

a A 

(4) 

The set 

of input 

links 

to 

an actor a and 

output links 

from an 

actor a 

are denoted 

as 1(a) 

and 0(a). 





1(a) = 

1 

L 

(Ira) 

E 


(5) 


0(a) = 

1 

L 

(a, 1) 

E 


(6) 
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Similarly, 1(1) and 0(1) can be defined for links. 

If a is an actor then 1(a)* designates the set of links that are 
input links to a, or input links to the actors that feed the input 
links of a, and so on (transitive closure) . 

1(a)* = (1 £ L lel(a), or le I ( I ( I ( a) ) ) , . . } (7) 

★ 

Similarly, 0(a) defines all set of links that are output links 
from a, or output links from the actors fed by the output links of 
a, and so on. 

0(a)* = { 1 e L | 1 e 0(a) or lc 0(0(0( a) )),... } (8) 

If Ec A is a subset of actors than 1(B) and 0(B) define the set 
of links that are input links and output links of actors 
belonging to B, respectively. 

1(B) = { 1 £ L 1 1(b) for b £ B 1 

0(B) = { 1 e L | 1 e 0(b) for b £ B } (9) 

Definition 2: For a dataflow graph the following conditions are 

true. 

\ I ( a ) | > 0 for all actors a e. A 

| I(l)| = 0 or 1 for all links 1: L 

| 0(a)| p* 0 for all actors a A (10) 

J 0 ( 1 ) | = 0 or 1 for all links 1 £ L 

Although this definition seems to lack generality, we have 
discovered that most cataflow graphs can be rewritten to fit this 
condition. This restriction allows us to isomorphically map 
dataflow graphs into free-choice Petri nets and free-choice nets 
into dataflow graphs [BUCK 84]. 
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Uninterpreted Dataflow Graphs: For the purpose of studying the 

performance of dataflow graph models of computer systems, wo 

introduce uninterpreted dataflow graphs . in that the actual 

meaning of the functions performed by the actors and the data 
carried by the arcs is not relevent. The presence of tokens on 
arcs are used only as triggering signals to enable nodes. 

Note: We will use the term dataflow graph to mean uninterpreted 

dataflow graph throughout this paper. 

Definition 3: A marking is a function 

M: L — > {0,1} (11) 

A link 1 is said to contain a token in a marking M if M(l) = 1. 

An initial marking M is a marking in which a subset of starting 
set of links contain tokens. 

A terminal marking M t is a marking in which a subset of the 
terminating set of links contains tokens. 

FIRING AND FIRING SEMANTIC SETS 

Associated with each actor are two sets of links called input 
firing semantic set F 1 and output firing semantic set F 2 

Fi ( a, M) c. i(a) 

F ^ ( a, M) C. 0(a) (12) 

The input firing semantic set F, refers to the subset of input 
links that must contain tokens to enable the actor; the output 
firing semantic set E, refers to the subset of links that receive 
tokens when the actor is fired. 


M 


// 


1 / 


Definition 4: A firing is a partial mapping from markings to 

markings . 

An actor a is f irable at a marking M if the following conditions 
hold 

M ( 1) = 1 for all 1 - F (a,M) 

M ( 1 ) = 0 for all 1 e F^ (a,M) (13) 

When the actor is fired, tokens from the firing set F (a,M) are 
consumed and new tokens are placed on each link belonging to the 
output firing semantic set F^ (a,M) . 

Thus, a new marking M' resulting from the firing of an actor a in 
marking M can be derived as follows. 

M ' ( 1 ) = 0 if 1 - F 1 (a,M) 

= 1 if 1 - F (a,M) (14) 

2 

= M ( 1) otherwise 

a 

Such firing of an actor is indicated by M > M'. 


Depending on whether F and F o select only one, a proper subset 
or the entire set of input and output links the following node 
firing rules are defined. 

Conjunctive: All the input links must contain tokens for the actor 
to fire. That is. 


F (a,M) = 1(a) for all M (15) 

1 

Disjunctive: Only one of the input links must contain a token for 
the actor to fire. That is, 

F (a, M) 

1 


1 


for all M 


(16) 


Collective: One or more of the input link:: may contain tokens for 
the actor to fire. That is, 

F, ( a, M) c= 1(a) for all M (17) 

Selective: When the actor fires, only one of the output links 

receives a token. That is, 

F ( a, M) = 1 for all M (18) 

1 2 

Distributive: When the actor fires, all the output links receive 
tokens. That is, 

F ( a,M) - 0(a) for all M (19) 

2 

The graphical representations of these possibilities are shown in 
Fig. 5 . 

Non-Deterministic Fixing Semantics: Since, in our study, 

uninterpreted dataflow graphs are used for analyzing performance 
or reliability by applying stochastic methods, F^ , and F 2 are 

made non-deterministic; for different instances of execution of a 
node, the firing semantic sets may be different. This eliminates 
the need for control arcs in dataflow models. The choice arising 

due to control tokens are incorporated into F and F by 

1 2 

associating probability distributions with the firing semantic 
sets. For example, the T-gate [DENN 74] shown in Fig. 6 (a) will be 

replaced by Fig. 6 (b) . The firing sets F and F are defined as 

follows . 

F, = I (T) = 1. 

F, = 0 ( T) = 1 „ with probability p (20) 

2 2 

= with probability 1-p 
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a) Conjunctive 

Fjfa.M) = 1(a) 


b) Disjunctive 
|Fj(a, M) | = 1 


c) Collective 

FjU.M) C 1(a) 


d) Selective 

| F 2 (a ,M) | = 1 


e) Distrubutive 

F 2 (a ,M) = 0(a) 




f 


g. 5. Firing Rules 
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The probability p depends on the frequency of having a TRUE value 
on the control arc of the T-gate. 



(a) . T-gate (b) . nondeterministic gate 

FIG. 6 Nona*. cerminis tic Firing Semantics 

P [ F (a,M)]is the probability that in a marking M, F (a f M) is the 
1 1 
input firing semantic set? this probability function determines 

which subset of tokens on input links (should a choice be made) 

will be consumed when the actor a is fired in marking M. 

Similarly, P[F (a,M)] defines the probability function on the 

2 

output firing semantic sets; P[F^ (a,M)] is the probability that 
when the actor a is fired in M, the subset of output links given 

oy F (a,M) will receive tokens. 

2 
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Definition 5: Firing Sequence o is a sequence of markings 
resulting from the firing of actors, in the order in which the 
actors are enabled. When actors can be fired concurrently, the 
order is arbitrary. 

An actor a is said to belong to Q if a is fired at least once in 
the firing sequence o. we say that M leads to M' via 0 if, M' 
is the new marking that is derived from the marking M when the 
actors in the firing sequence ? are fired. This is denoted by 

M M' 

A forward marking clas s M of a marking M is the set of markings 
which can be derived (or reached) from M via some firing sequence. 

M = { M' ! M — ► M' (21) 
for some firing sequence o } 

Definition 6: A dataflow graph is said to terminate properly if 
there exists a firing sequence that leads an initial marking M 
to a terminal marking M . 

DEADLOCKS AND LIVENESS IN DATAFLOW GRAPHS 

A node that cannot fire in a dataflow graph that models a 
component of a computer system would seem anamolous and we should 
be able to identify such situations. Deadlocks can be avoided in 
dataflow machines by providing feedback to actors using control 
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tokens [MISU 75]. Since our model omits control tokens, it is 
necessary to derive the necessary and sufficient conditions for 
liveness and absence of deadlocks in dataflow graphs. This is 
similar to the concept of liveness in Petri nets which has been 
found valuable in modeling deadlock-f reeness of operating systems 
[PETE 77, AGER 79] . 

Definition 7: An actor a is potentially firable in a marking M, if 
there exists a marking m' k ft such that a is enabled in M', except 
when M is a terminal marking. 

An actor a is said to be blocked in a marking M, if for all 
markings M' e M, a is not enabled. 

An actor a is live in M if a is potentially firable in all 
markings M' e M , except when M' is a terminal marking. 

A dataflow graph is live in a marking M if a non-empty subset of 
actors C £ A are live. Liveness in Petri nets require that all 
transitions be live, implying that C = A. For the present, we 
will allow a partial liveness in dataflow graphs. 

A dataflow graph is blocked in a marking M if the graph is not 
live in M. That is C = <& . 

A dataflow graph is deadlocked if the graph is blocked in a 
marking M' £ M 0 where M 0 is an initial marking, except when M' is 
a terminal marking. We will consider a dataflow graph 
deadlock-free if it terminates properly. 

For some actor a A and a forward marking class M of some 
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marking M, 

I 1 e (a,M' ) where 
M' e m and (22) 

a is firable in M 1 ) 

1 ef^ (a, M * ) where 
M' £M and a is (23) 

firable in M' } 

F i (B, M ) and F^ (B, M ) when B is a subset of actors can be 
defined similarly. 

Theorem ; Suppose B - A be the subset of actors that are blocked 
in a nonterminal marking M. Then the dataflow graph is live in M 
if and only if 

F x (A-B, M ) = F 2 (A-B, M ) (24) 

Proof: Necessrary Condition ; If the dataflow graph is live then 
equation (24) holds. 

This condition is proved by contradiction. 

Suppose that the dataflow graph is live, but 
(A-B, M ) A F, (A-B, M ) 

Case 1: There exists a link 1 z f j (A-B, M ) but 1^ F 2 (A-B, M ). 
Since only actors in A-B are live ( and hence firable in M) , only 

F (A-B, M ) can contain tokens in all markings M' z M. This 

2 

implies that there exists an actor b e A-B and a marking M' e m 
such that the link 1 e f ^ (b, M ' ) does not contain a token. The 


F (a, M ) = { 1 e L 


F 2 (a, M ) = { 1 £ L 


* 


actor b is blocked which is contrary to the assumption that actors 
in A-B are live. 

Case 2s There exists a link 1 e F£ (A-B, M ) but 1 | (A-B, M ) . 

Since only actors in A-B can fire in all markings M‘ e M , only 
tokens on links in F ^(A-B, M ) are consumed. 

Since 1 | (A-B, M* ) , 1 will contain an unconsumed token. This 

would lead to an actor b e A-B and a marking M' £ M such that 
1 £ f 2 M ')r t0 De blocked. This is again contrary to the 

assumption that actors in A-B are live. 

Hence, F (A-B, M ) = F 2 (A-B, M ) 

Sufficient Condition: If equation (24) holds then the dataflow 

graph is live. 

We will prove this condition by contradiction. Suppose that 

F, (A-B, M ) F 2 (A-B, M ) 

but the dataflow graph is not live. Let b e A-B be an actor that 
is noc live in M. That is, there exists a marking M' e M such that 
b is not potentially firable in M’. 

Case 3: The actor b is not firable because, some link Is F, (b,M') 
does not contain a token. Since F 0 (A-B, M ) are the only set of 
links that can contain tokens in M , 1 «t F 2 (A-B, M ). This is a 
contradiction since we assumed that equation (24) holds. 

Case 4: The actor b is not firable in M* because, for some link 

1 - F (b,M')f 1 contains an unconsumed token. Since only tokens in 

2 

F i (A-B, M ) can be consumed, 1 $ F^ (A-B, M ) . This is again 
contrary to the assumption that equation (24) holds.. 
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Thus, a dataflow graph is live if and only if equation (24) holds. 

F 1 (A-B, M ) = ? 2 (A-B, M ) 

Corollary Is If A-B 4 4> , then F 2 (A-B, M ) 4 4> . 

If A-B is not null then F^A-B, M ) is not null, since an actor is 
enabled only if at least one of its input links contain a token. 

Thus, F 0 (A-B, M ) is not null. 

Corollary 2: If the input firing semantic set F for all arcs is 
conjunctive and the output firing semantic set F for all arcs is 
distributive, that is, 

F, (b,M' ) = 1(b) for all b e A-B and all M' e M 

F 2 (b,M') = 0(b) for all b £ A-B and all M' £ M 

then, the dataflow graph is live if and only if 

* ★ 

I (A-B) » O(A-B) 

The asterisk implies a transitive closure on the input and output 
links of the actors in A-B. 

Remarks: The above theorem does not guarantee that the number of 
tokens flowing through a dataflow graph remains constant, but that 
the tokens be conserved over a firing sequence. This allows for 
some actors consuming more tokens than they produce while other 
producing more than they consume. Thus in a non-terminating 
deadlock-free dataflow graphs all firing sequences are repeatable. 

A Markov process for dataflow graphs can be defined by associating 

\ 

'i 
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states with markings. Markings that enable blocked nodes in the 
dataflow graphs lead to dead states (or failed states) . 

Dataflow graphs as defined here are safe , since at most one 
token can be present on a link. Some dataflow researchers have 
relaxed the firing rules to allow multiple tokens flowing on arcs? 
arcs are treated as pipelines of tokens. This would lead to 
k-bounded dataflow graphs where k is the maximum number of tokens 
that can flow on an arc. Equation (11) must be rewritten as 

+ 

M: L R u {0} (25) 

equation (13) must be rewritten as 


M(l) 


1 for all 

1 e 

F (a,M) 


M ( 1) 


k for all 

1 e 

F 2 (a,M) 

(26) 

and equation (14) as 

M' (1) 

= 

M ( 1) - 1 if 

1 € 

F. ( a,M) 



s 

M( 1) +1 if 

1 £ 

F_ (a,M) 

(27) 


M ( 1 ) otherwise 


The dataflow liveness theorem can be extended to account for 
k-boundedness. However, we have decided to map dataflow graphs 
into free-choice Petri nets and use safeness and liveness 
properties of Petri nets. 


N 

r 
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IV. CONCLUSIONS 


In this paper we have introduced a formal definition of 
dataflow graphs. Necessary and sufficient conditions for liveness 
in dataflow graphs are derived. The uninterpreted dataflow graphs 
can be used to analyze performance and reliability of computer 
systems including dataflow computers. Stochastic properties can be 
incorporated into dataflow graphs. We are in the process of 
deriving isomorphic mappings between Petri nets and uninterpreted 
dataflow graphs. Such mappings would enable us in carrying 
mathematical formulations available for Petri nets over to 
dataflow graph models. 
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ABSTRACT 

In this paper we describe a dataflow simulator that can be 
used to simulate computer system as dataflow graphs and test the 
functionality of the modeled system. High level dataflow graph 
models of three different computer system are used to illustrate 
our approach. DFDLS provides the computer systems designer with a 
CAD environment that enables highly parallel and complex systems 
to be defined and tested at all levels. 

Keywo rds : Dataflow Graphs, Dataflow Computers, Simulation and 

Modeling. 


1. INTRODUCTION 


In racant yaara dataflow modala, dataflow languagaa and 
computer ayatama baaad on dataflow princlplaa ara attracting much 
attantion in tha Unitad Stataa, Japan and otbar countriaa. Tba 
major motivation babind tba racant aurga in dataflow arcbitacturaa 
la tba daaira to anbanca parforaanca. It Ja baliavad that naxt 
ganaration coaputar ayatama wilx ha baaad on non-von Nauaann modal 
of computation lika dataflow, aa aucb ayataaa can ba daaignad to 
dalivar billiona of oparationa par aacond [TREL 82a] . Tba aacond 
motivation la tba daaira to exploit VLSI tachniquaa in tba daalgn 
of computara. Bacauaa of tba ragularlty of tba procaaaing alamanta 
and communication clrcuita, dataflow arcbitacturaa ara auitabla 
for VLSI implamantation. 

Nucb of tba raaaarcb in dataflow procaaaing baa daalt with 
dafining tba functionality, daaigning inatruction laval 
arcbitactura, or apacifying programming matbodologlaa. Thia baa 
not mada urgant tba formalisation of tba dataflow modal itaalf. 
Formalisation is nacasaary, bowavar, in ralating dataflow to otbar 
computation modala, diacovaring properties of apacific inatancea 
of dataflow grapba, in aimulation and parformanca avaluation. In a 
companion papar [KAVI 84] , wa bava presented a formal daf inition 
of dataflow grapba. 

In thia papar wa praaant tha application of dataflow graph 
modala in tha aimulation of computar ayatama. Bacauaa of tba 
biararcblcal natura and tba modularity of dataflow grapba, both 



software tasks and hardware units can be modeled in a uniform way 
using dataflow graphs [KAVI 83], 

1.1. Simulation of computer systems: 

Conventional simulation models fall into one of two types: 
process-oriented and event-driven. Process-oriented simulation 
consists of modules (programs) that define attributes and 
activities of the system. A process description comprises 
declarations, computations and control statements, and sequencing 
statements. One type of sequencing statement is that used to 
represent activity execution times such as the "hold(t)" statement 
of SIMULA. The processes are scheduled, suspended and reactivated 
in accordance to the process description. In event-driven 
simulation, all events are ordered by their scheduled times. The 
next event in the list is executed and the system clock is updated 
to the time of the event. Most logic simulations are event-driven. 

Simulation of computer systems can be at one of four levels: 
circuit level, gate level, register-transfer level or system 
level. Each of the levels employs models which are simplifications 
of those of the preceding levels, both in quantitative terms and 
in terms of behavior [BREU 72]. Depending on the level of detail, 
the system is simulated at one of the above four levels. The 
system being simulated is modeled using a simulation language 
(e.g. SIMSCRIPT, GPfS) . Typically, the model consists of input 
variables, output variables and the function which describes the 
transformation of inputs into outputs. 

Dataflow languages a* d models can be effectively used to 


simulate a logic system. In its basic form, a dataflow model 
consists of graphs with nodes that describe the function of a unit 
and arcs which are inputs to a node or outputs from a node. The 
main feature of a dataflow model is its hierarchical nature: a 
node in the model can be a simple node or a dataflow subgraph. 
Thus such models can be used to selectively change the level of 
simulation to any level of detail without modifying other parts of 
the simulation. Also, a dataflow model provides for modular 
simulation in the sense that any section of the unit can be 
modeled and tested without modeling the entire system. Dataflow 
simulation can be classified as a process-oriented simulation. A 
process description (or node description) comprises computational 
statements. Control statements are defined by special control 
nodes and arcs. Sequencing in dataflow is described by the 
structure of the graph (connections between nodes) and thus an 
inherent part of the model itself. 

At UCLA, Karplus and Ercegovac ([KARP 82], [GAUD 84]) are 
attempting to use dataflow principles in high speed digital 
simulations. Srini [SRIN 83] has extended the basic dataflow to 
model supercomputers like Cray IS. Another example of a 
hierarchical simulation tool is LOGOS [HEAT 72], LOGOS is based on 
Petri-net concept. The LOGOS representational system uses two 
directed graphs, one for data flow and the other for control flow. 
The control flow graph sequences the data transformations and 
defines the control flow of the model. 


1.2. The Dataflow Concept: 

A dataflow program is a bipartite directed graph where the two 
types of nodes are called links and actors. Actors describe 
operations while links receive data from a single actor and 
transmit values to one or more actors by way of arcs. In its basic 
form, nodes (actors and links) are enabled for execution when all 
input arcs contain tokens and no output arc contains a value. An 
enabled node consumes values on input arcs and produces results on 
output arcs. For a complete description of dataflow concept the 
reader is referred to [TREL 82b]. 

The dataflow model of computation is neither based on memory 
structures that require inherent state transitions nor depend on 
history sensitivity. Thus it eliminates some of the inherent 
von Neumann pitfalls described by Backus (BACK 78], However, 
abstract dataflow models, data driven system and languages based 
on such systems must encompass sufficiently powerful and general 
mechanisms to make expression of complex algorithm constructs 
concise and natual to be of full utility. Dataflow systems must be 
capable of efficiently supporting the functionality commonly found 
in conventional computer systems if they are to be accepted into 
general use. Support for such features as controlled sharing of 
global data, virtualization and communication between processes 
must be addressed to allow data driven systems to be applied to 
the large class of problems commonly addressed by programmers and 
system designers. In his thesis, Landry [LAND 81] surveyed some of 
the extensions made to basic dataflow model to satisfy these 


requirenents . Our formal model of dataflow graphs [KAVI 84] 
includes several of the exensions. 

1.3. Extensions to Dataflow: 

Some of the fundamental attributes of the basic dataflow model 
that makes it appealing for applications to certain class of 
problems also restricts its utility in others. One of the missing 
concepts in basic dataflow is memory. There is no easy way or 
modeling memory units. Ore can treat the entire memory as a token, 
but this is cumbersome. 

Reference Tokens: At the University of Newcastle upon Tyne, the 
concept of updatable memory was introduced along with 
multi-threaded control flow [TREL 79], This model incorporates all 
of the fundamental attributes of the dataflow but relaxes the 
requirement that only tokens which represent values flow along 
arcs. Instead, reference-tokens and control-tokens are introduced 
as primitive notions within the model. Reference-tokens are tokens 
containing names (addresses) used to access memory. Control-tokens 
are signals used to trigger successor instructions without 
transporting any data values. 

The principle firing rule in this model requires that the 
combination of data tokens, reference tokens and control tokens 
specified as being mandatory for firing be present before 
execution be performed. These input tokens along with the 
specification of the instruction to be performed is referred to as 
an instruction-packet. Since the inclusion of reference-tokens 
implies that data values are stored separate from the instruction 


packet, the model dictates that the supporting architecture 
include mechanisms for collecting reference values, determining 
when a node is enabled, retrieving data values, and forming 
instruction packets. 

Structured Tokens: In the basic dataflow, the tokens are of scalar 
type. Almost all implementations of data-driven systems, however, 
permit tokens to be of more complex structures. In the MIT 
dataflow system, [DENN 74], data structures are maintained on a 
heap. The actors are designed so that their execution does not 
change values on the heap. Instead, whenever a new value is 
created, a node is added to the heap to represent the new value. 
New actors like source, append, select, exists are added in order 
to access the data structures on the heap. 

Firing Semantic Set: The basic firing rule adopted by most 
dataflow researchers requires that all input arcs contain a token 
and that no tokens be present on the output arcs. When the 
dataflow graph is simple and the nodes are primitive actors like 
add or subtract, this provides for an adequate sequencing control 
mechanism. However, if the nodes are complex procedures or 
subgraphs, more generalized firing control for both input and 
output arcs is required. At the University of Southwestern 
Louisiana [LAND 81] and the University of Texas at Arlington [KAVI 
84], a comprehensive and general firing semantic specifications 
are provided. For these models where the nodes are defined in a 
way where only a subset of the input arcs must contain tokens and 
only a subset of output arcs must not contain tokens, the concept 


of firing semantic sets are introduced. The input firing set 
refers to the set of input arcs that will enable a node when 
tokens are present on each of the arc; the output firing set 
refers to the set of output arcs that will receive tokens when the 
node completes execution and hence should not contain tokens 
before the node is enabled. For different instances of execution 
of the node, the firing sets may be different, thus introducing 
non-determinacy and providing for interaction with the supporting 


environment. 


2. DFDLS: An Overview ORIGINAL PAGE & 

OF POOR QUALITY 

DFDLS (pronountsO as daffodils; is an extensive data flow 
simulation written in Pascal and is currently available on both DEC 20 
and VAX/700 computer systems Simulation of computer systems* both 
hardware and software, can be performed using data flow concepts. 


The major features of DFDLS are given below 

1 Tokens on data flow arcs can be structured data items. 
Existing data flow computers and languages permit only elementary data 
types like integer, real, and characters. DFDLS allows the Pascal 
data types. At this time, record data types are not processed, but 
will be included soon 

2 Firing set semantics can be specified in DFDLS. In the basic 
data flow, a node is enabled for execution only when all input arcs 
contain tokens and no tokens are present on the output arcs. These 
firing semantics are extended in the mandatory input values required 
for the node to execute. 

3. Nodes in DFDLS can be data flow subgraphs. In most of the 
existing oata flow systems only primitive functions such as ADD two 
numbers are permitted. In our system, a node can be a primitive 
function defined by the system, a data flow subgraph or a Pascal 
procedure provided by the user. These Pascal procedures are linked 
dynamically by the runtime environment. 

4. The input language is very simple. DFDLS interprets 
simulation models expressed in out textual language There is a 
one-to-one correspondence between the data flow graphs ail the textual 
’•epresentation Thus, data flow graphs can be translated directly 
into the input language. This also provides for graphical interface 
that can be designed at a later date 

5. 5iock structures and Recursion: the present implementation 
of DFDLS permits a restricted block structure in that, all names must 
be unique. Recursion is not allowed. However., we are in the process 
of extending DFDLS to allow more general nesting of blocks and 
recursion Because of our data structures and modular design of 
DFDLS. this addition is straight forward. Separate descriptor tables 
and node tables will be created for each block and display stack will 
be used to implement recursion and static scopes. 
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2. 1 BNF For DFDLS Language 


ORIGINAL PA0£ 

OF. POOR QUALITY. 


Cprogram> 
<nod eD 
<node_ env! 
-Cty pe_ sec r ! 
•C“SS sect.' 


Car c_l l stD 
Cfunct sectD 


Cb loc k_l i *t> 
<c h i 1 d_no d p> 
<NRM_i d > 
Cprogram_i d> 

<input_ sect> 

< i n p u t s > 

Cinp ut_ar c'.-' 
Coutput_sect> 
Coutp ut s> 
Coutput_arc> 
•-type.' 

Cdest__i is t!- 
Cdest_node> 
Cnode_id> 

•Care id> 

<id> 


* Cnode* l Cnod e> 2 

- <node_ env> Cinpu t._sec t> <output_sec t> 

• - NODE: Cnode_id> Ctype_sect> CFSS_sect> Cf unc t_sect> 

~ empty ! TYPE Cany valid PASCAL type section> 

: . * F S3 : * f STD ! 

NON_STD CFSS_spec> C CFS5_spec> 3 
=* <arc_id> C <arc_id> 3 

FUNCTION: C DFG “ :b 1 oc k_l i st> I 

PAS :NRM_id> I 

LIB CNRM_ i d > 3 

= Cch l ld._node> C -Cch i 1 d_node> 3 
. = Cnode_id> 

. = NRM Cprogram_id> 

: -■* snan* of a user supplied PASCAL procedure 
or system provided procedure> 

: = INPUTS <inputs> 

. = <input_arc> t Cinput_arc> 3 

::= Carc_id> : <type! : 

OUTPUTS Coutpucs> 

= Coutput_arc> C Coutput__arc> 3 
• = ARC Carc_id> <type> Cdest_list> 

• a Cvalid PASCAL type declared in TYPE section> 

. = Cdest_node> C <iiest_ node> 3 

: : = Cnode _id> 

: : * Cid> 

Cid> 

: = Cany alphanumeric name of 10 characters or less> 


2 2 


Data Structures Ip DFDLS 


GU4v*«mAL FAfi*l 'A 
OF POOR QUALITY 


The major* data structures in DFDL5 are the descriptor table (DT) 
and the node tauie iNT). The descriptor table describes the arcs in 
the data flow program tumi? the node table keeps track of the nodes in 
a aata flow program 


Toe entries in tne descriptor tabie are described in FIG. 1. 


DTEJHr = ''DTE, 

DTE = Record 

Arc_Name . ID, 

SourcejMTE : ID; <* is an output of this NTE *) 

Type ^_D eel : Boolean, <*true if this DTE is a type declaration*) 
Num_Destinations : Integer; 

Dests_Remaining : Integer; 

This_Arc_Is ; Arc_Type; 

Further_Desc DTE_Ptr; 

Prev DTE_Ptr; 

Next r D7F._P tr ; 

Memptr : Integer; 

Allocated : Boolean; 

Num_Record_El ements : Integer; 

Arr_ Dims : Arr_Ptr; 

End; (* DTE *) 


ID = Packed Array 1 1 . , Ma x_ID_Lnn 1 Of Char; 

Arc*_Type •= ( V__Char , V_Int, Rea 1 , V^boo 1 » 

V_Alfa, V_Array , VjJnknown- V_Record ) ; 

A r r _P t r - ‘ Arr_Dim_Desc, 

Arr_Di'fl_l)e«c = Record 
Stride ; integer; 

Lower Integer; 

Upper Integer; 

Dim_Ptr Arr^Ptr; 

End; <* Arr Dim Desc *) 


FIG 1 


DESCRIPTOR TABLE ENTRIES 


The ertnss in the node table are described in FIG. 2. A NTE 
(node table entry) contains the name of the node* the name of th«» 
parent node, a list of the children nodes. function description, 
firing semantic set. pointers to input arc descriptions (in DT). 
pointers to output arc descriptions (in DT) and destinations for each 
output arc when the firing semantic set is satisfied, the node is in 
"ready" state. ano in the "not-ready" state otherwise. If a node is 
a data flow graph and the internal nodes are currently executing, the 
state of t«e node is "children firing". When the node is scheduled 
for execution, the state is "firing". 


For each input arc. the availability of a token on the arc is 
also maintained. The free state in the output arc description 

indicates that there exists no value on the output arc. A node can 
not fire if an output arc contains tokens and one or more destination 
nodes are using the tokens. This restriction will be relaxed later by 
treating arcs as queues. The tokens produced will be consumed in FIFO 
manner. 

OMGMAL PACK IS 

NTE_P tr "NTE; OF. POOR QU,\ 'l 

NTE = Record 

Node_ID : ID; 

Parent^ Id ID; 

Block_Head 31 oc k_List_Ptr; <* List of Children for a DFG #) 

Funct : Funct_Class. 

FSS_T y p e : FSS_Class; 

FS3_Head FSSJHr; 

Inout_Head : Input_Ptr; 

Output_Head : 0utput_Ptr; 

Status . Status_C lass; 

Next NTE_Ptn 

Prev • NTE_Ptr; 

Case fType : Funct_Class Of 
PAS, DFG : < NPM ~ ID); 

LIE : (LNFM : Lib_Class>; 

End , ( * NTE ■* ) 


Fig. 2. NODE TABLE ENTRIES 


ORIGINAL PA - 

OF POOR QUALfi V 

FSS_Ptr * ''-FSS_Rec; 

FSS_Rec » Record; 

Arc_Li st_He<3d : Arc^Li st_Ptr; 

Next : FSS.Pir 

End , ( * FS2_Rec *) 

Block__Li st_Ptr ** 'B 1 oc k_Li s t_Rec ; 

B i oc k _ Li st__fiec - Record; \* Child Node o* a DFG #) 
Node_ID : ID, 

Next : B 1 oc k J_i s t_Ptr • 

Enoi <•* 8 I oc k J_ t s t_Rec *) 

Input_Ptr * ' Input_Rec; 

Input _Rec ~ Record) 

Arc_Name ID; 

Arc_Avai lab i 1 ity : Ava l lab i 1 i t y _C las s; 

Next • Input _Ptr 
End; <* Input _Rec ■* ) 

Output_Ptr = ''Output_R«c; 

Output_Rec = Record, 

Arc_Name ID; 

Dest»_Head . Dest_Ptr; 

Next : Output_Ptr 
End; <* Qutput_Rec *> 

Dest_Ptr * "'Destination_Rec; 

Destination^ Rec Record; 

Node_ID : ID. 

Next : Dest__Ptr; 

End; (* Destinat ion_Rec *) 

FSS_C lass = (STD, NON_STD, Und ef i ned _FSS ) ; 

Funct_Class = < DFG, PAS, LIB, Undef ined_Func t_C lass ) ; 

Ar c j_i s t_Ptr = ^ Ar c_l.i st_Rec ; 

Arc_List_Rec = Record; 

Arc_Name : ID- 

Next • Arc l.ist_Ptr; 

End i 
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2 3 Major Modules In DPOLS 
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The NT-Manager is used to create, search# and find node table 
entries One entry exists for each node defined in the data flow 
p r a 3 r a iTi 

The DT-Ma Hagen provides functions identical to those of the 
NT-Manager except the items being manipulated are data descriptors 
which describe the data tokens 

The Ready List Manager controls the operation of the ready list. 
It contains those nodes which are ready to be fired and provides 
functions to insert and delate nodes from the ready list in addition 
to returning the next node in the Ready List queue. Although a 
first-in first-out list structure is maintained, prioritized execution 
is planned in the future. 

The Parser consumes the textual input language which describes 
the data flow graph. As the text is examined, data structures for 
nodes, data .descriptors, and ready list entries are allocated and 
linked to existing ones. 

The Node Manager controls the run-time portion of the simulation. 
It schedules the next noce for execution and informs destination nodes 
that inputs are available. When the firing semantic set (FSS) has 
been satisfied, the node is inserted intu the rear of the ready list. 

The Memory Manager controls the allocation and deallocation of 
tne toh*n« or» one or more of the four heaps created for the primitive 
oara types More complex oata structures are broken into their 
component forms w.»ich are stored in the heaps above 


The Library module provmtji all of the function* which are to be 


included with 
incut function* 
following i? 
operate on 


the simulator CatJjoriH* include unary and binary 
a* well as multiple input and special functions. The 
a list of library functions and the data types they can 

om<\id p . , • 
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£ <i Available Functions 


Unary Functions 


Name 

• 

Input 

| 

• 

Outpu t 


NOT 

1 

• 

Boolean 

1 

Boolean 

NEG 

f 

1 

Integer/Real 

« 

1 

Integer/Rea 1 

SIN 

• 

1 

Integer/Real 

1 

Real 

COS 

f 

1 

Integer/Rea 1 

1 

Real 

TAN 

1 

Inteqer/Neal 

1 

• 

Real 

FIX 

1 

Real 

f 

• 

Integer 

INT 

1 

1 

Real 

f 

• 

Integer 

FLOAT 

1 

I nteger 

• 

• 

Real 

CHR 

| 

t 

Integer/Real 

f 

1 

Character 

ORD 

1 

1 

— 4- — 

Character 

1 

— + 

Integer 


Binary Functions 


1 

• 

« 


! Inputs 

Output 

— ♦ 

1 

• 

t T ▼ • 

» 1 

1 

SUE 

1 Integer/Real 

Integ er /Rea 1 

t 

• 

• 

V 

• 

DIV 

’ Integer /'Real 

Integer/Real 

1 

1 

t 

MOD 

I Integer 

Integer 

( 

1 

1 

e«i 

. Int/ Real/Char/B ioi 

Boolean 

1 

1 

f 

1 

NE 

i Jnt/Real /Char/Bool 

Boolean 

9 

• 

I 

GT 

• lnt/Real /Char/Bool 

Boolean 

9 

1 

• 

1 

<;e 

! Int/Real /Char /'Boo 1 

Bool tan 

1 

1 

1 

LT 

? J nt/Real /Char /Bool 

Boolean 

J 

1 

4 

LE 

I Int/Real /Char /Sool 

Boolean 

J 
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Multiple Input - Functions 


! Name 

i 

1 Inputs 

l 

Output ! 


ADD 

I Integer/Heal 

1 

< 

Integer /Rea 1 

MULT 

5 l r. *: e g e r / R e a 1 

1 

• 

Integer/Real 

AND 

! Boolean 

1 

Boolean 

OR 

: Boolean 

1 

1 

Boolean 

XOR 

Boo lean 

1 

Boolean 


r + «. + 


Special Library Functions 

Th< T-iJji'i’ function ■ ’.mutate* the T-gate used for control of arcs 
within a Oat* Flow Graph It accepts 2 input arcs; th# first arc is 
rhe boolean control arc which * 1)111 b<* tested and compared to the true 
value The second input is the value which is input and will be 
placed on the sing.ie output arc if the boolean control is true. The 
F-Gate function acts in a similar matter except that it passes the 
data value if the boolean control value is false. 


2 5 Process Scheduling On VAX VMS 

Execution of Pascal procedures involves creating a sub-process under 
the VAX/VM5 operating environment. These procedures are actually 
programs which have been translated and linked into executable images 
oy the user. All oata transfers occur between the simulator and the 
vjb-proces« occurs throug y ore of several channels which are railed 
mai lboxes 

As a node is placed into execution, mailboxes for input. output, 
and termination messages will be allocated. An sub-process is then 
created with its input and output files mapped to the thore mailboxes 
and the termination mailbox mapped into a termination channel Input 
arcs are sent to tn* newly created process by means cf standard Pascal 
or : te statements The entry for tn»t node is then deleted from tne 


ready 1 i ^ n to prevent it ^rciis i-emi) scheduled An entry for the node 
is placed on t h *3 executing list- and an interrupt request is made to 
the operating system so it may be informed when the process 
terminate * . 

Upon process ter >>i : na 1 1 on, an interrupt occurs which indicates .to 
tne simulator that tne process has been deleted. The Termination 
handler responds by finding the entry for that node in the Executing 
List and inserting it into the pending list so the node manager may 
schedule it for further processing u)hen ready. the node manager 
calls the unlini procedure which allocates sufficient memory to hold 
trie output arcs from the sub-process and then reads the output arcs 
from the output mailbox, putting them in memory. Next, the successor 
nodes are updated to indicate that thor-e input arcs are available and 
the mailboxes used by this process are returned to the operating 
system 


OE POOR QU r UT¥ 


2.6 Sample Data Flow Graph 

Tre f-r. 1 1 otjinj f'i its Plow Graph wall bt expanded ho show the 
’■slatue -rase wirr. whicr> one may transform a graphical DF»- into the 
input text required cy tre simulator. 
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ma i n 


mycons (generate X#Y> 
> + + 


multi (* ) 


--r--r 


A 


+-+- 


ad d 1 


mult2 (*) 


» i 


ad d2 (■*■) 
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NODE. MAIN, 

NODE: ADDl; 

NODE ENV, 

NODE ENV. 

FSS STD; 

FSS: STD; 

FUNCTION DFG, 

FUNCTION; LIB 

MULTI 

ADD; 

MUL.T2 

INPUTS; 

ADDl 

X : INTEGER; 

ADD2 

Y : INTEGER; 

MYCQNS 

OUTPUTS; 

MYPRIN 

ARC; 

END NODE; 

C : INTEGER; 

NODE MULTI; 

MULT2; 

END NODE; 

NODEJENV; 
FSS; STD, 

NODE: ADD2; 

^UNCTION- LIE 

NODE_ENV, 

MULT; 

FSS : STD; 

INPUTS; 

FUNCTION: LIB 

X : INTEGER, 

ADD, 

Y : INTEGER, 

INPUTS; 

OUTPUTS; 

A : INTEGER, 

ARC; 

D : INTEGER; 

A ; INTEGER; 

OUTPUTS; 

ADD2, 

ARC; 

MULT2, 

E : INTEGER; 

END NODE; 

MYPRIN; 

NODE: MULT2; 

END NODE, 

NODE JEN V, 

NODE : MYPRIN; 

FSS: STD; 

NODE ENV; 

FUNCTION: LIB 

FSS : STD; 

MULT. 

FUNCTION PAS; 

INPUTS. 

MYPRIN; 

A INTEGER, 

INPUTS; 

X : INTEGER, 

E . INTEGER; 

C INTEGER; 

OUTPUTS; • 

OUTPUTS, 

END NODE. 

ARC. 

D INTEGER; 

NODE MYCONS; 

ADD2, 

NODE ENV; 

END NODE. 

FSS STD, 


FUNCTION: PAS; 

MYCOPAR2. 

OUTPUTS, 

ARC; 

X : INTEGER; 

MULTI; MULT2; ADDl; 

ARC; 

Y : INTEGER; 

MULTI; ADDl; 

END NODE; 


3. SOME DATAFLOW GRAPH MODELS OF COMPUTER SYSTEMS 
Here we will show how dataflow graphs can be used to model 
computer systems. The examples include a simple conventional 
control unit, a fault-tolerant computer based on von Neumann 
architecture that emphasizes deterministic synchronization among 
the concurrent tasks and the MIT dataflow processor. Only high 
level models are shown in this paper. However, nodes in the graphs 
can be expanded to represent instruction-level architecture. 

3.1. Dataflow Model of a Simple Computer System: Baer [BAER 80, p 
71] gave a Petri net model representing the control flow in the 
execution of an instruction in a single accumulator arithmetic and 
logic unit. Fig. 3 shows a dataflow equivalent of the Petri net 
given by Baer. The nodes in the graph are intentionally named by 
the events in order to facilitate interpretation. For the sake of 
clarity, control arcs and links are not drawn; their presence can 
be easily seen at the selection (oval shaped) nodes. Funnel shaped 
actors are enabled when one of its input arcs receives a token. 
Upon firing, the funnel passes the token on its input arc to the 
output arc. Tokens on more than one input arc leads to multiple 
firings of funnel. 

3.2. Dataflow Model of SIFT: SIFT is an ultrareliable avionics 

computer built by NASA-Langley Research Center to study the 
possibility of completely automating commercial aircrafts [WENS 
78], SIFT has chosen to achieve fault tolerance using software. 
The SIFT system consists of several BDX 930 computers built by 
Bendix Corporation. The software consists of tasks classified as 
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application tasks and executive tasks. Executive tasks are 
responsible for scheduling tasks on SIFT processors, detecting 
errors, reconfiguring the system, synchronizing the various active 
processors (to within 50 microseconds) and input/output from 
sensors. Examples of application tasks are yaw damper, pitch 
inner loop and roll inner loop. 

For the purpose of maximizing determinism in scheduling, 
computations in SIFT are conducted in regular time segments called 
frames and subframes. At present, the length of a subframe is 3.2 
milliseconds and there are 50 subframes to a frame. Each task runs 
at a regular rate, the fastest running once every frame and others 
running once every other frame or with even longer period. Tasks 
that run once every frame are scheduled to specific subframes 
while the slower tasks are scheduled during the remaining 
subframes. 

During a subframe, the status of the processor is saved, and 
the values produced by the task are broadcast to other processors. 
The values received from other processors are voted. If an error 
is detected, the processor marks the faulty processor in its error 
table and when the number of errors marked for a processor exceeds 
a threshold, an error is reported. The system is then 
reconfigured. The processor will execute a new task (or resumes 
a previous taks) . Fig. 4 shows a high level dataflow model of a 
SIFT processor. The nodes in the graph can be further expanded 
into dataflow subgraphs, or the actual code representing the task 
can be used to represent the nodes. 



Fig. 4. High Level Data Flow Graph 
for a SIFT Processor. 









3.3. Fault Injection: In the testing of actual circuits or the 
simulation of systems, it is desirable to provide for fault 
injection so that common faults can be injected into the system 
and the fault detection, reconfiguration parts of the system can 
be studied thoroughly. This capability can be modeled in dataflow 
as shown in Fig. 5. The nodes labeled Fault-k model simulate the 
function of the unit when fault-k is present. The selector node 
has n inputs and one control input. Depending on the value of the 
token on the control input, one of the n inputs is passed on to 
the output. 

3.4. Dataflow Graph Model of a Dataflow Computer: Fig. 6 shows a 
high level block diagram of the MIT dataflow processor [DENN 75]. 
A high level dataflow graph model of the MIT system is shown in 
Fig. 7. Memory unit can produce one or more tokens on its output 
arcs depending on the number of enabled instructions. The 
arbitration network schedules one instruction packet at a time and 
dispatches the instruction to a processing element or a decision 
unit. This is done in order to simplify the dataflow graph of Fig. 
7. The graph can be modified to show concurrent scheduling of 
several instructions. Control and Distribution networks also 
receive multiple inputs, but work on one packet at a time. The 
packet routing networks (arbitration, control and distribution) 
can be represented as dataflow subgraphs detailing how the packets 
are routed in the MIT dataflow system. 



Dataflow Model for Fault Injection 




Instruction 

Packets 


Distribution 

Network 


Arbitration 

Network 


Fig 
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MIT Data Flow Processor 
















4 . SUMMARY AND CONCLUSIONS 


In this paper we have described a dataflow simulation that can 
be used to model computer systems as dataflow graphs and test the 
functionality of the modeled system. Dataflow graphs can be used 
to model computer systems including parallel processors and 
dataflow computers. We plan extend DFDLS to include record 
structures for tokens, allow recursive definitions for dataflow 
actors, linking with procedures written in other languages, 
graphical input, timing and performance measures. 
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Abstract . Dataflow graphs are a generalized model of computation. 


Uninterpreted dataflow graphs with nondeterminism resoLved via 
probabilities are shown to be isomorphic to a class of Petri nets known as 
free choice nets. Petri net analysis methods are readily available in the 
literature and this result makes those methods accessible to dataflow 
research. Nevertheless, combinatorial explosion can render Petri net 
analysis inoperative. Using a previously known technique for decomposing 
free choice nets into smaller components, it is demonstrated that, 
in principle', it is possible to determine aspects of the overall behavior 
from the particular behavior of components. 

Index Terms . Dataflow graphs, timed Petri nets, free choice nets, 
performance analysis, isomorphism. 


I . INTRODUCTION 


Increasing interest in dataflow architectures derives in part from the 
quest for large improvements in performance through parallelism. This 
interest has given impetus to the development of new representation methods 
and languages for parallel algorithms. Our interest is in the dataflow 
graph and its potential to represent any computational structure including 
computer architectures. The inherent ability to represent the natural 
parallelism in architectures other than dataflow machines has been noted by 
others [9,18] . 

The chief advantages of dataflow graphs as a computational schema are 
their compactness and generally amenability to direct interpretation. That 
is, the translation from the conceived system to a dataflow graph is 
straightforward and, once accomplished, it is equally straightforward to 
determine by inspection which aspects of the system are represented [7,8]. 
Unfortunately, the analysis techniques for data flow graphs are yet not 
well developed. 

A rapid method of closing the gap in analytic methods is to demonstrate 
cases automatically transformable to Petri nets, the latter having been 
subject to two decades of study. Certain abstract properties of Petri nets 
such as liveness and boundedness have immediate relevance in any genera L 
computational schema including dataflow graphs. Other properties such as 
comparative firing frequencies assume relevance with respect to the 
semantics of the system being modeled. Thus it is clearly of benefit to 
establish the correspondence between dataflow graphs and Petri nets in order 
to combine the representational ease of one with the analysis power of the 
second . 

Performance analysis of computer architectures represented as dataflow 
graphs via Petri nets (more precisely, timed Petri nets) is a goal of this 
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work. Here, systems are described by using dataflow graphs having abstract 
data components called tokens. Removing the semantics from data introduces 
nondeterminism which is compensated by the assignment of probability mass 
functions to decision points. The result is called an uninterpreted 
dataflow greph of which important subclasses are isomorphic to subclasses 
of Petri nets. For those graphs representable in Petri net form, 
properties such as those mentioned above can be analyzed. In addition, 
properties dealing with time can be evaluated. 

II. DATAFLOW GRAPHS AND PETRI NETS 

Formalized treatment of Petri nets is common in the literature 
[3,10,13,14,16] and will be dealt with briefly. 

Definition 1 . A Petri net is a quintuple 
PN = < P, T, D, MP , MP > 

where 

P = {P r P 2 , •••, P n h a set of places 

T = Itj, t 9 , ...» t^}, a set of transitions 

D c {P x T] u [T x P}, a set of directed arcs 

MP q is a given initial marking 

MP^ is a set of terminal markings. 

Here we are chiefly interested in extensions t •> the basic model that 
incorporate concepts of time. 

Timing information has been incorporated in three ways. Sifakis and 
others [4,17] associated a nonnegative constant, b, with each place having 
the semantics that an arriving token was "unavailable" until it hau been in 
the place for a time interval of length b. The two other methods attach 
timing information directly to transitions. One may associate with a 
transition a nonnegative constant (timed Petri nets [10,16,19]) or a 
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probability distribution (stochastic Petri nets ( 1 ,b , 1 1 , 12 ] ) . The f irst 
case is equivalent to assigning time values to places (17]. In either 
case, the principal problem to be resolved is when to begin the firing 
epoch -- upon arrival of the first token or the instant a transition is 
enabled. One need also consider whether a second or subsequent epoch can 
begin while one is in progress. 

A second problem to resolve is firing conflicts. Those models that 
depend on fixed firing time generally assign a probability over the marking 
space from the current to next marking (19). Stochastic Petri net models 
generally use the firing rate (based on random firing times) to determine 
the next marking from the current one (1,11,12]. A difficulty arises if 
one allows some transitions to have zero firing time. The probability Lhat 
such transitions will fire once enabled approaches one (1). The solution 
is to augment the firing rates with transition probabilities as is done in 
timed Petri nets. Several investigators have noted the direct 
correspondence between Petri nets with timing information and Markov 
processes (2,11,12,19]. In this work, timed Petri nets are employed. 

Definition 2 . A timed Petri net is the pair 

TPN = < Ci f > 

where 

£ is a PN 

f : T -* (H + u {0}}, a firing time function 

In addition to analyzing the time properties of nets, a goal ot this 
research is the determination of the overall behavior of a system by the 
inspection of properties of components. Hack [o] first demonstrated 
necessary and sufficient conditions for liveness and safeness of a subcLass 
ot Petri nets important to this work. Ramchandani ]15] achieved related 
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results for general nets in the more formal context of solutions to 
Diophantine equations derived from the connectivity of the net. Solutions 
to the equations results in subnets (more precisely, T-subnets or P-subnets) 
whose structure is that of a marked graph or state machine® under 

some circumstances. Ramamoorthy and Ho [ 1 6 J developed techniques for cycle 
time computations for such subnets and Magott [10] transformed the method to 
a solution of a linear program. We have extended this work by showing how 
the mean time between events of a net composed of marked graph components 
can be obtained. Coolahan and Roussopoulos [4] have also developed statis- 
tical measures of transition firing frequencies and these are adaptable to 
our model. Datta and Ghosh [3] developed a labeling method that guarantees 
liveness for nets with transitions of in-degree (and out-degreej at most tuo 
( 2 ). 

A formal treatment of dataflow graphs has been lacking in the 
literature due to the purpose that other investigators have used them. Due 
to the nature of our study and the need to demonstrate homomorphic 
structures between dataflow and Petri net models, a formal definition has 
been developed (8). The following reviews those results. 


Oi- 


4 


. ♦ 


Definition 3 , A dataflow graph is a labeled bipartite graph where the 


two types of nodes are called actors and links. 

DFG =<AuL, E, S, T> 

where 

A = {a., a„, .... a }, a set of actors 
1 1 2 ’ n 

L = {1,, 1„, .... 1 }, a set of links 
1 2 m 

E c (A x L) u (L x A), a set of edges such 

that (a.,1.) £ E A (a.,1.) £ E => a. = a. 

i k j k i j 

and (l.,a.) £ E A (l.,a.) E E => 1 . = 1 . 

i k j k i j 

S = {1 £ L | (a,l) ^ E for any a £ A}, 

a non-empty set of links called the starting set 
T = {1 £ L | (l,a) $ E for any a £ A}, 

a non-empty set of links called the terminating set. 

Note that links are limited to a single input and single output. Meeting 
this restriction may require the introduction of dummy actors (e.g., to 
duplicate an input token on several output links). 

Let 1(a), a £ A (1(1), 1 £ L) and 0(a), a £ A (0(1), 1 £ L) denote the 
sets of input and output links (actors) of actor a (link 1), respectively. 

1 1 ( a ) | and |0(a)| must be nonzero for each actor while |I(1)| and j0(l)| 
are at most one. The notation is directly extended to the places and 
transitions, of Petri nets. However, there are no cardinality constraints 
on the sets denoted. 

A marking of a dataflow graph denotes the presence or absence of 

tokens in links. A marking is a function M : I. * {0,i, ..., k ; . When M 

(or MP for Petri nets) is used it means the vector 

< MU.), MU ), ..., MU ) > 

1 m m 

A marking is distinguished as an initial marking (terminal nu king) MU.i f- 
0 => 2 £ S (MU) * 0 => i £ T). 




Associated with each actor is an input ami output firing set denoting 


which links enable the actor and which receive tokens when the actor 
fires. These sets are denoted F^ and F.,, respectively. 

F^a.M) c 1(a) 

F 2 (a,N) c 0(a) 

Dataflow graphs exhibit special arcs called control arcs whose purpose is 
to affect the flow of data at decision points. These do not exist in 
uninterpreted dataflow graphs used here but a probability mass function over 
the powerset of 0(a) serves the same purpose. 

An actor, a, is enabled in marking M if M ( ii ) t 0 for each SL £ 

F^(a,M). The firing of an enabled actor, a, results in a new marking 
indicated by M + M '. 

M' = M - < 1(a) > + < 0(a) > 

where 


< 1(a) > is a vector in which the ith element is one 

if i. £ F, (a ,M) 

1 i 

< 0(a) > is a vector in which the ith element is one 

if i £ F (a ,M) 

This can be generalized to a firing sequence, a, denoted M 
al a2 a3 ap 



where 


The forward marking class, M, of a marking M is the set of markings which 
can be derived (or reached) from M via some firing sequence M = {M |M - M }. 

It is simple to extend the semantics given above by assigning a 
nonnegative real value to each actor representing the time if takes to 
fire. In the diagrams that follow, the conventions below have been adopted. 
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4 . 4 


• • 


• 4 


a 


4 ... 4 


an actor for which Fj(a,M) = U a ) and F 2 (a,M) = 0(a); 
such an actor is sa i <1 to have con junctive input and 
distributive output 


4 + 4 + • *+4 
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an actor for which Fj(u,N) c [(a) and = 0(a); 

such an actor is said to have disjunctive input 


an actor for which F ^ ( a , N ) = l(aj and F 2 (a,M) c 0(a); 
such an actor is said to have selective output 

Links are represented by solid circles. For the second type of actor (the 
disjunctive actor) the enabling input link is chosen nondeterminis t ica 1 1 y . 

While it is not permitted for an actor to be simultaneously disjunctive 
and selective, the restriction is not severe. The uninterpreted nature of 
the data tokens allows such actors to be separated into two actors. 



4 + 4 + • • * + 4 4 + r + • • • + 4 



4 + *• + • • • + 1 


It is not necessary to enumerate each analogous term for Petri nets 
such as MP and MP MP . Yet it should be noted that the standard firing 
set semantics are 

FPj (t,MP) = 1 ft) 

FP 2 (t,MP) = Oft) 

JRIGil'JAL rAU r 
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The effect of firing an enabled transition, L, is 
MP' = HP - < 1(1) > + < 0(t) > 

III. GRAPH TO NF.T TRANSFORMATIONS 

Reduction of graphs representing asynchronous processes to Petri nets 
occurs frequently in the literature. (See [ I 4 | tor examples.) Therefore, 
we will treat the topic informally. Let DFG be an arbitrary 
umnterpretated dataflow graph. 

ALGORITHM A1 

1. Let MP «- M and MP. <- M„ 

oo t t 

2. For each 2. £ L in DFG, create p. £ P in the TPN 

l l 

3. For each conjunctive actor a^ £ A in DFG, create a transition t ^ f. T 
in TPN such that if 2^ £ O(a^) then p^ £ 0(t), if 2^ £ 1(a) then p^ £ 
Kt) 

U. For each disjunctive actor a. £ A, perform the transformation 

shown in Fig. 1(a). Create a unique transition for each 

2. £ I(a.). If 2. £ 0 ( a . ) then p. £ O(t^) for each t * ^ . 

J l J i J i i 

5. For each selective actor a^ £ A, perform the transformation shown 

in Fig. 1(b). Create a unique transition for each 2 £ O(a^). If 

2. £ I (a.) then p. £ I(t^) for each tf^. 

J i J 1 i 

6. If a is the time associated with actor a., then let f(t.) = a. If 

i t 

more than one transition was derived from a., the time associated 

i 

with each is a. 

We will deal with the transformation of the probability mass function (pint) 
for selective actors to a pinf for the TPN later. 

Let the symbol ~ means "derived from". It may be used with 
individual components (t ~ a) or entire graphs (TPN ~ DFG). The steps in 
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Algorithm A1 are reversible. Thus it is possible to reconstruct the 
dataflow graph from the Petri net. In this context, we can use t~a and a~t 
(p~l and l~p) interchangeably. Figures 2 and 3 show a dataflow graph and 
the Petri net derived from it using the transformation above. Let an 
arbitrary M be represented by the vector < m^, m^ , . .., > where each m^ 

is an integer. An arbitrary MP can be represented similarly. Thus when we 
say M = MP we mean simple vector equality. 

Definition 4 . A unit disjunctive DFC is one for which Fj(a,i!j £ 1(a) 
for all disjunctive actors. A unit selective DFC is one for which 
F^Ca.M) £ 0(a) for all selective actors. 

THEOREM 1. (isomorphism) Given a unit disjunctive and unit selective L'FG, 
if TPN ~ DFG, M = MP, and M ^ M * then there exists a* such that MP 1 • MP 

and M = MP*. Conversely if MP MP there exists O such that M ’ M , M = 

MP, and M* = MP*. 

PROOF. We prove the first part by demonstrating how to select t^, t.,, ..., 
t^ in a' that correspond to a^, a^, ..., in O. Let be the first actor 
a l a 2 a k . 

in the sequence M -* Mj M . M^ = M - <I(a^)> + <0(a^)>. If is a 

conjunctive actor, select t^ ' a j- If is disjunctive select tj r * ~ 

such that £ F^a^.M) is the link that enabled a^. If is selective 
select tj ~ 3^ such that £ F., ( a ^ , in) is the link upon which the token 
is produced. If MP ^ MP^ then clearly < I ( a ^ ) > = ‘"I(t^)> and <0(a,)> = 

<0(t )>. Thus M = MPj. Choosing t ; , t^, . ..,L^ in the same manner 
produces MP = M . The converse is proved similarly. Q.E.D. 

The above LhfO’-em demonstrates tliat properties of a particular 
dataflow graph can be discovered by examining the derived Petri net. 
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Before describing these methods, however, we introduce an additional term 


and its relation to the transformation described. 

Definition 5 . A free choice net is a Petri net for which each arc 
from a place to a transition is a unique output of the place or the 
unique input of the transition. More formally, 

(V (p,t) e D) (0(p) = {t} or I ( t ) = {p}). 

THEOREM 2. If |I(a)| = 1 for each selective actor of DFG and TPN ~ DFG 
then TPN is a timed free choice net. 

PROOF. Recall that by definition a DFG link has a 

single input and a single output actor. Thus, |G(J£)| = 1 for all i £ L. If 
(£,a) £ E, a £ A is conjunctive, p ~ £, then |0(p)| - 1 since for 
conjunctive actors there is a one-to-one correspondence between (£,a) £ E 
and (p,t) £ D. If (fL, a) £ E, a£ A is disjunctive ,p. ~ £^, then t^ ; - a 
is created by step 4 of Algorithm A1 such that Olp^) = { t ^ * ' } . If (JT , a) 

£ E, a £ A is selective then t^ ~ a is created by step 5 of Algorithm A1 
such that I(t (j) ) = {p.|p. ~ £., £. £ 1(a)}. Clearly |I(t (i) )| = 1 if 
1 1(a) | = 1. Q.E.D. 

The unit disjunrtive/selective criterion assures a DFG can be 
converted to a Petri net without combinatorial explosion, |T| < |E|. If 
selective actors have a single input, then the DFG is isomorphic to a timed 
free choice net. This is significant primarily because a considerable body 
of theory exists for the analysis of free choice nets. 


COROLLARY 1. If TPN ~ DFG then 


(V t., t. £ T) ( J ( t ) n I ft . ) t <t> => IU) = Jft.)) 
i- J 1 j 1 J 


PROOF. Note that in DFG, I (a . ) iff a. = a. because each link has but one 

* * J 

output. (It is impossible for distinct actors to share a link.) 

Therefore, if two transitions share a place they must be derived from the 

same actor. If a^ is an actor with conjunctive input, there is only one t^ 

such that t. ~ a. and it shares no input. If a. is an actor with 
ii i 

disjunctive input then a unique transition is created for each element of 

1 ( a . ) . Again I(t.) n I(t.) t <t> implies t. s t.. For a selective actor, 
i * J J i J 

a., for every £. £ I (a . ) then p. £ I(tf^ for every h such that tf* 1 ^ ~ a., 
i* 3 j i j i ii 

Thus, I(t^ h) ) = I(tJ k) ). Q.E.D. 

The corollary is well known for free choice nets. Here, however, its 

proof is based directly on the relationship with dataflow graphs. Its 

importance is the partitioning of the transitions into blocks B ^ , B>, 

B, such that if anv transition in block B is enabled, all are. Further, 
h * i 

the firing of a transition in block B cannot disable a transition in block 
- i 

B, if i*h. This will make it possible to resolve conflicts with 
h 

probability mass functions ever transitions rather than (the ordinary 
practice) over markings. 
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IV. PROBABILISTIC ilNiNC ANALYSIS 


An objective of Petri net analysis is to determine overall behavior by 
decomposing it into components which can be analyzed individually. 

Definition b. A subnet of a Petri net TPN = <P, T, D, MP . NP , f> is 

o t 

another Petri net TPN = <P", T , D', MP , MP f > such that 

o t 

P' c P, T' c T, D' = D n ((P' x T ') u (T ' x P')), MP (p) £ MP ' if p e P\ 
— — o o 

MP^(p) E MP^ if p£ P', and f'(t) = f(t) if t£ T' and undefined 

otherwise . 

Let 1(0 and 0(0" be the input/output sets of TPN". TPN' is said to be a 
T-subnet if for every tel', I(t) = T(t)' and 0(t) = 0(t) It is said to 
be a P-subnet if for every p £ P', I(p) = l(p)' and 0(p) =0(p)'. A net or 
subnet is said to be strongly connected if for every p^, p^ £ P there is a 
directed path from p^ to p^ . 

A state machine is a net or subnet for which |l(t)| < 1 and |0(t)| < 1 
for every t £ T. A marked graph is a net or subnet for which |I(p)| < 1 and 
| 0 (p ) | < 1 for every p £ P. The incidence matrix C = [c^| of a Petri neL 
is an n x m matrix where 


c . . = 
ij 




-1 if (p., t ) £ D 

1 if (t., p O £ D 
J i 

0 if neither (p. ,t .) £ D nor (t.. p ) £ D or 
1 J J i 


both are in D 

For example, the incidence matrix for the free choice net of Fig. 3 is 
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ari 


A Petri 

net i«= 

said 

to 

be 

live 

if 

for 

every marking 

in MP 

o 

there 

are 

firing 


sequences that enable each transition. A Petri net is bounded if there is 


a finite number of tokens in each place give:) any (perhaps infinite) firing 
sequence. A Petri net is safe if the number of tokens in any place never 
exceeds one. 

Hack [6] gave necessary and sufficient conditions for the 1 iveness and 
safeness of a marked free choice net. If MP^ = <• I 1 0 0 . . . 0 -> , Fig. 3 
satisfies the conditions. It can be shown [15] that such nets can be 
decomposed into strongly connected components by finding the simple 
nonnegative solutions to the system of equations 
C • Y = 0 

A solution is simple if it cannot be additivelv obtained t rom other 
solutions. For Fig. 3, 
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Y = < 1 0 1 0 

Y 0 = < 0 1 0 0 

Y = < 1 0 0 0 

Y, = < 1 0 1 1 

Y 5 = < 1 0 0 1 

Y, = < 0 0 0 0 

b 


10 10 0 10 0 
00000000 
1 10 0 0 0 0 0 
0 0 10 1 10 1 
0 10 0 1 0 0 1 
0 0 0 1 0 0 10 


0 1 0 1 0 1 1 1 > 

0 0 0 0 1 0 0 1 > 

0 1 1 0 0 0 1 1) > 

10 0 10 1 I 1 : 
1 0 1 0 0 0 1 0 > 

0000 0 00 0 > 


Each Y-vector designates as set of transitions. For instance, Y 


(2) (21 (oi (21 (21 (21 

designates {t^ t 2 , t 3 , t^" , t g , t g , t g ~ , t jg , t n , t J2 J and Y 2 

designates t^^, t^l- Each transition set together with all 

directly connected places constitutes a strongly connected a T-subnet. For 

free choice nets, each component is a marked graph. 

For components that are timed marked graphs, Ramamoorthy and Ho L 1 6 J 

first showed how to determine the overall cycle time by enumerating the 

circuits. The time required for each circuit is the sum of the transition 

times divided bv the number of tokens in the circuit. Let K.. be the set 

ij 

of places and transitions in the jth elementary circuit of the ith component 


I. . = I 
ij 


f(t k )/ I MP(p k ) 

t , c K . . p . c K . . 

k i j k i j 


Assuming r circuits and a firing epoch begins as soon as it is enabled, the 

overall cycle time for the component is T. = max(l ,, t..,, .... T. ). 

l 1 1 i2 i r 

For example, let MP(p,J = MP(p, ? ) = 1 and MP(p.) = 0 if i > 2 for the 
component, Yj, of Fig. 3 the elementary circuits are 
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K I1 ■ 

{P 1 



. (2) , . , 

p 8 l 8 1 10 1 11 ' 

il 

CN 


l l p 6 


P 10 L b p 1 4 L 9 P 1 7 l ll 

K 13 ■ 

iP 2 

■’S l 6 

,(2) „ , . 
P 15 L 10 *18 f 12 


For concretenecs , let f(tf^) = f(t^) = [”i/i| . The overall cycle time 

T, = max (l.,, = 12. For components, Y. , Y., , and Y, , the cvcle 

1 1 1 l»: l j 1 z t* 

times are 9,10,14,14, and 5 (if MP (12) = 1). respectivt ly . Magott [10] generalized 
the technique by showing that the solution could be expressed as a linear 
program. These methods assume a firing epoch begins as soon as a transition 
is enabled. When modeling real systems, this is not an unreasonable assump- 
tion. 

As shown in Corollary 1, free choice net transitions that potentially 
conflict have the same input place. Because the T-subset components pro- 
duced as above are strongly connected marked graphs, a place has but one 
output arc. It follows that a given component is reached from the initial 
marking by a single transition whose tiring is randomly chosen from a 
conflict set. 

With this in mind, we are prepared to deal with the probability mass- 

functions over the output links of selective actors. If the actors are 

unit selective then Pr(F„ (a,M)) > 0 for each 2 t F 0 (a,M) and is zero for 

z z 

nonsingleton elements of the powerset of 0(a). It t ~ a and p ~ 2 t Ufa) 
then let Pr(t) = Pr(F.,(a,M)) for 2. This contrasts to the normal method of 
assigning probabilities to markings in the reachability graph but is 
equivalent due to the partitioning of the transitions described above. 
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As an illustration ol the employment ol the foregoing, deline MTTE(tj) 

to be the mean time to the event of the beginning of the firing epoch 

for t.. Assume t^ has s input places with s independent loop-free paths 

o, , o„ , .... J from MP . (Dependent paths can be dealt with but serve no 
1 2 s o 

purpose at present.) t^ cannot fire until the last token appears at an 
input . 

NTTE (t.) = max [C(j.), G(o ), G(o )| 

J is s 

G(o/) is the expected time required to transverse and incorporates the 
time intervals the tokens leave the path and traverse circuits. 

For clarity, G will be defined with superscripted subscripts 
distinguished. Let t^ 111 ^ adj cr mean that t^”'^ t CT while an equivalently 
subscripted transition is (tj^ £ a., h t m). By extension, Y^ adj CT 
means tf™^ £ Y. and t[ m ^ adj CT. . Let 
K. - n Pr(J m) ) 

1 «W<I. 

k l 


if Y adi a. and is undefined otherwise, 
i — ' 1 J 


G(a.) = I f(t.) + 1 

J K 


t. ca. 
k j 


(m) 

t. £CT. 

k 




The latter term, A(*)» represents the expected amount of time within 


components adjacent to o at transition t^ 


(in) 


Let Aj, A^, A be the 


(m) 


(m ) 


probabilities of the r components adjacent at t^ '" / . Let A^ + j = Pr(i.^ ). 
r+1 

(Note that 2 A. = 1.) I.” stands for the expected cycle tune for component 

i=i_ 1 1 

Y.. That is, l ' differs from T. in tuat it takes into account components 
i’ll 

adjacent to circuits in Y. . 
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( in I 


If, to simplify the subscript scheme, Vj, Y,, Y .ire adjacent to , 


- \ + , 


00 

1 


0 

I 


m =0 m =0 
0 1 


ii ~ 

r -2 
2. 
in 


r-1 


m j : in , 


v_ 

m , ! (m -m, - 
r-1 0 1 


• - m ) ! 

r- 1 


UVi'" 2 V"' t Vl t i-l t( V m l A 2 " ,A r-l A r 


iii , ni„ m . (m -m - • • • -m 

12, r-1 01 r 


If r = 1 then A(’) reduces to the geometric series muitipled by a constant 
value . 

Each path 0. defines a hierarchy over the set of components. For 

( 2 ) 

example, in Fig. 3, the path {p } tj p^ t^ p^} has and Y,. 

( 2 ) 

immediately adjacent (at t^ ) while is adjacent to one of the circuits 
in Y,.. Thus, one must solve Y^ before can be solved. 

To illustrate, for Figure 3 let Pr(tj^) = 1/k and Pr(t£ 2 ^ = 1 - 


1/k. For MTTE(t ) , 
o 


( 2 ) 


°1 = <P| l l p f. l 4 PlO 1 

°2 = (p 2 l i 2) P 5 > 


Table 1 contains the cycles for Y,, Y^, Y ,. , and Y^ which are the only 

components needed. Table 2 contains the relevant intermediate calculations. 

MTTE(t-) = max [5.38, 19] = 19 

o 

Given the isomorphism theorem and the equivalence of timing between 

actors and transitions, it can be concluded that MTTE(a^) = MTTElt.). It 

the transition is superscripted then MTTE(a . ) - inin (MTTE(c. >j. The mean 

J k J 

time to event is but one measure possible. From it, other measures such as 
mean time between events can be derived and correlated to components in the 


real system. 


TABLE 1. Circuits 


K . . Sequence 

ij 


K 21 

{P 2 


•* 

P 18 1 

12* 


K 3. 

(Pi 

c i h 


P 8 

t (2) 

8 

P 16 

Mi 1 

332 

{P 1 

l l p 6 


P 9 


P 1 7 

Si* 

K 5! 

iP l 

l l p 3 


P 7 

4 2 ' 

P 12 

4 2) P 1J 4 ° p 16 S>* 

K 52 

{P 1 

C 1 p 6 


p 9 

4 " 

P 17 

‘ill 

K 61 

{p 12 


P 11 

*J n 

} 




TABLE 2. Intermediate MITE Calculations 


Path 

I . 
ij 

G 

I .' 
l 

A. 

l 

K 61 

5 

5 

V 5 

1/7 

K 52 

10 

10 

-- 

-- 

K 51 

14.97 

14.97 

T r '= 14.97 
5 

1/12 

K 32 

10 

10 

-- 

-- 

K 31 

9 

9 

<3 

1/6 

K 21 

9 

9 

4 » 

1/2 


-- 

5.88 

-- 

-- 

°2 

-- 

19 

-- 

-- 


V. SUMMARY AND CONCLUSIONS 


Dataflow graphs are useful representations for abstract computations, 
generally rendering models that are easily related to the real system being 
modeled. Petri nets, while less powerful computationally, have been 
studied intensively, giving rise to a large body of analytic methods. 

Here, we have shown that a significant class of dataflow graphs can be 
effectively transformed to Petri nets. The applications of this cla'-s have 
been primarily in modeling concurrency in computer systems. Thus, the 
isomorphism between the two computational models allows considerable 
analytic capability to be employed. 

Within the applications context, timed transitions and probabilistic 
resolution of nondeterminisin are introduced. Using these extensions, a 
measure (Mean Time to Event) was illustrated. The principle behind the 
derivation was the determination of overall behavior by examination of the 
contained components. This principle is currently being exploited to 
determine other properties of the net. 
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Abstract 

A dataflow graph can be usea as a generalised Model of 
computation. Uninterpreted dataflow graphs can be used to analyze 
the reliability of computer systems including parallel processors 
and data driven systems. The nonaeterminisn arising due to the 
uninterpreted nature is resolved by associating probability 
distributions with dataflow actors. Both Markov and path 
ennur.ieration techniques can be used to study the reliability of 
dataflow graph models. Large graphs should be reduced to simplify 
computational complexity. 

Ke^ words: Dataflow Graphs, Stochastic Petri Nets, Markov Chains, 
Reliability, Graph Clustering, Path Ennumerat ion. 


1. INTRODUCTION 


The demands lor concur ten t operation "ithin a computer system 
and the representation ot parallelism in programming languages 
have yielded a new form of program representation known as 
dataflow ([DENN 74], [DENN 75], [TREE 82]). Execution of dataflow 
programs is data driven; that is, each instruction is enabled tor 
execution just when each required operand has been supplied by the 
completion of the predecessor instruction. 

Dataflow systems have received considerable attention during 
the past several years. However, much of the research in dataflow 
processing has dealt with defining the functionality, designing 
instruction level architecture or specifying programming 
languages. This has not made urgent the formalization ot the 
dataflow itself. Formalization is necessary in relating dataflow 
to other computation models, discovering properties of specific 
instances of dataflow graphs and in performance and reliability 
evaluations. Because ot the complexity of dataflow systems, the 
presence of multiple processing units and communication circuits, 
the reliability, performance of the interconnection structures, 
and scheduling schemes in such architectures become significant 
issues, before dataflow architectures can be used for next 
generation machines. Formalization of the dataflow model also 
makes possible the utilization ot dataflow graph as an abstract 
model of computation analogous to Turing machines and Petri nets. 
In [KAVI 84] , we have presented a formal definition of dataflow 
aiodels, and in [KAVI 85], isomorphic transformation ot dataflow 
graphs into free-choice Petri nets have been presented. 


Our interest in dataflow graph is its potential to represent 
any computation structure, including parallel processing 
architectures and even dataflow systems. Miller (MILL 731 has 
surveyed models other than dataflow graphs for representing 
coraputat ional aspects of parallel processes. The chief advantage 
of dataflow graphs over other models is their compactness and 
general amenability to direct interpretation. That is, the 
translation from the conceived system to a dataflow graph is 
straightforward and, once accomplished, it is equally 
straightforward to determine by inspection which aspects of the 
system are represented [KAVI 83]. Dataflow grapns are 
hierarchical; a node in the graph can be a simple node 
representing a single hardware unit, or a dataflow subgraph 
representing an entir_ processor or an interconnection network. 
Thus models of computer systems using dataflow graphs can be used 
to selectively change the level of simulation to any level of 
detail simply by expanding nodes into dataflow subgraphs without 
modifying other parts of the model. 

In this paper we outline methods for estimating the 
reliability of a dataflow graph model. Thus, computer systems 
including parallel processors, dataflow machines and uitrareliable 
computerc with high redundancy can be represented as dataflow 
graphs, dataflow simulators (for example DFDLS [KAVI 63]) can be 
used to study their functionality, and the reliability of the 
simulated computer can be calculated using the techniques 
described in this paper. We will introduce abstract dataflow 
graphs in the next section and the techniques for estimating the 
reliability of dataflow graphs will be described in Section 3. 


2. UNINTEKPRETED DATAFLOW GRAFHS 


Definition Is A dataflow graph is a labeled bipartite graph where 
the two types of nodes are called actors and links. 


Here , 


S (S C. L) 


G = < A D L, C > (1) 

A = {&| , a^ } is the set of actors 

L = {1, , 1 2 _ ,...., l m } is the set of links 

E = (A x Lj yl {L x A) is the set of edges, 

is a non-empty set of links called starting set (input 


links) . 

S = { 1 e L | (a,l) k' E + a 6 A} (3) 

T (T C. L) is a non-empty set of links called terminating set 
(output links) . 

T = { 1 6 L | (l,a) £ E V- a e A} (4) 

The set of input links of an actor a and output links of an actor 

a are denoted as 1(a) and 0(a). 

1(a) = { 1 e L | ( 1 , a) € E} (5) 

0(a) = { 1 0 L | (a,l) e E} (6) 

1(1) and 0(1) for links can be defined similarly. 

t \ t ■+ 

Transitive closure on these sets, 1(a) , 0(a) , 1(1) , 0(1) for 

Jm 

actors and links can be defined; For example, 1(a) is the set of 
all links that are inputs to a, or input links to actors that feed 
the input links of a, and so on. 

If B c A is a subset of actors then 1(B) and 0(B) define the set 
of links that are inputs links and output links of actors in B. 


1(B) = { 1 £ L ! 

1 1 S Kb) 

for all 

b e 

B} 

(7) 

0(B) = { 1 € L 

1 1 ^ 0(b) 

for all 

b e 

B} 

(8) 


Definition 2: For a dataflow graph the following conditions are 
tr ue . 

11(a) I > 0 for all actors a 6 A 

11(1)1 = 0 or 1 for all links i€ L (9) 

|0(a) I > 0 for all actors a € A 

10(1)1 - 0 or 1 for all links 1 e L 

Although this definition seems to be restrictive since the links 
can-not have more than one input actor and one output actor, we 
have been able to rewrite all dataflow graphs by introducing dummy 
actor* (for example, to duplicate an input token onto several 
output links) . This definition allows us to isomorphically map 
dataflow graphs into free-choice Petri nets and free-choice nets 
into dataflow graphs [KAVI 85] . 

Uninterpreted dataflow graphs : For the purpose of studying the 
performance and reliability of dataflow graph models of computer 
systems, we introduce uninterpreted dataflow graphs, in that the 
actual meaning of the functions performed by the actors and the 
semantics of the data tokens on arcs is not relevant. The presence 
of data tokens on arcs are used only as triggering signals to 
enable actors. We use the term dataflow graph to mean 
uninterpreted dataflow graph throughout the paper. 

Definition 3: A marking is a function M: L > {0,1} (10) 

A link 1 is said to contain a token in a marking M if M(l) = 1. Ari 
initial marking M 0 is a marking in which a (non-empty) subset of 
starting set of links contain tokens. A terminal markirg is a 
marking in which a (non-empty) subset of terminating set of links 


contain tokens. 


2.1. FIRING AND FIRING SEMANTIC SE^'S 
Associated with each actoL' aie two sets of links called input 
filing aamailtlfi F, and output LLtlna aenifliitic £J2i F 2 

F, (a,M) £ 1(a) 

F r (a, I*) C(a) (11) 

Tlie input firing semantic set F, refers to the subset of input 
links that must contain tokens to enable the actor; the output 
firing semantic set F z refers to the subset of links that receive 
tokens when the actor is fired. 

Definition 4: A firing is a partial mapping from markings to 

markings . 

An actor is fireable at a marking M if the following conditions 
hold 

M(l) = 1 for all 1 £ F, (a,K) 

M ( 1 ) = 0 for all 1 €. F^ (a,M) (12) 

When the actor is fired, tokens from the input firing set e; (a,M) 

are consumed and new tokens are placed on each link belonging to 
the output firing set F^_ (a,M) . Thus a new marking M’ resulting 
from the firing of an actor a in marking M can be derived as 
follows . 

M * ( 1 ) = 0 if 1 6 F, ( a , M) 

= 1 if 1 e Fj_ ( a , M ) 

= M(l) otherwise (13) 

Such a firing of an actor is indicated by M ~— > M'. 

Depending on whethe. F ( and F^_ select only one, a proper subset or 
the entire set of input and output links, the following node 
firing rules are defined. 




: All the input links must contain tokens for the actor 


to tire. That is, F, (a,M) = 1(a) for all M. (14) 

Disjunctive ; Only one of the input links must contain a token for 
the actor to fire. That is, F, (a,M) €. 1(a) for all M (15) 

Collective : One or more of the input links may contain tokens for 
the actor to fire. Th a t is, F ( (a,K) C 1(a) for all M. (16) 

Selec tive: When the actor fires, only one of the output links 

receives a token. That is, F^_ (a,M) 6 0(a) for all M. (17) 

Distributive : When the actor fires, all the output links receive 
tokens. That is, F z (a,M) = 0(a) for all M. (18) 

The graphical representations of these possibilities are shown in 
Fig. 1. In this paper we will not deal with collective actors. 
They can be replaced by a number of conjunctive actors with inputs 
corresponding to the subsets of 7(a). 

NOM-DETERMTN!STIC FIRING SEMANTICS: Since, in our study, 

uninterpreted dataflow graph models are used for analyzing 
reliability by applying stochastic methods, F, and E^are made 
non-deterministic; for different instances of execution of an 
actor, the firing semantic sets may be different. This eliminates 
the need for control links and arcs in dataflow models. The choice 
arising due to control tokens are incorporated into FJ and F^by 
associating probability distributions with the firing semantic 
sets. For example, the T-gate [DENN 74] shown in Fig. 2(a) will be 
replaced by Fic. 2(b). The firing semantic sets are 


OF PGO.v vjUr, V. u 



a) Conjunctive 

Fj(a,M) = 



b) Disjunctive 
IFjU. m)| « 


7 


c) Collective 
Fj(a.M) C 



d) Selective 
|F 2 (a,M)| = 



e Di trubu'ive 



Firing Rules 



I (T) 
0 ( T) 


with probability p 
with probability 1-p 


F 


i 


i. 


F 


- L 


4 > 


The probability p depends the frequency of having TRUE value on 
the control arc of the T-gate. 



Fig. 2. Non-Deterministic Firing 

P[F, (a,M)] is the probability distribution that in marking M, 
F, (a,M) is the input firing semantic set; this probability 
distribution determines which subset of tokens on input links 
(should a choice be made) will be consumed when the actor a is 
fired in mar King M. Similarly, P[^_ (a,M)] defines the probability 
distribution on the output firing semantic set; when a fires in M, 
the links in F x (a,H) will receive tokens with a probability 


P[F ( a,M) J . 



3. RELIABILITY ANALYSIS OF DATAFLOW GRAPHS 


Network Reliability Analysis: The reliability of communication 

networks has attracted considerable interest among researchers. 

When such networks are treated as directed graphs, the reliability 

can be analyzed by reducing the communication networks to 

series-parallel networks [MISR 70a], by enumerating paths ( [MISR 

70b], [FRAT 73]), or by enumurating cut-sets ([LIN 76], [JENS 

69]). For a general non series-parallel networks only the last two 

methods yield exact solutions. However, since they are not 

tractable for large networks approximate methods become necessary 

([JENS 69], [NELS 70], [BATT 71]). 

For any m path network the number of non-cancelling terms in 

the reliability expression resulting from the use of the 

inclusion-exclusion formula of probability theory [FELL 68, pp 

■ro-l 

99-108] is r ^ 2 . However, in practical networks some of the 

r*l-| 

paths are contained in the union of other paths, thus r << 2 
In [SATY 78], a topological formula and an algorithm are presented 
for finding the reliability of a network from a given source node 
to a terminal node, where only non-cancelling terms are included 
in the formula. This method has been extended to obtain 
reliability from a single source node to multiple terminal nodes. 
The reader is referred to [ A.GRA 84] for a survey of such network 
reliability methods. 

These methods cannot be applied directly to dataflow graphs. 
Although dataflow graphs are directed graphs and they resemble 
networks, there exist important differences due to the firing 
semantics described in the previous section. For example, for 


conjunctive actors, all the input links musv. contain tokens to 
enable the actor to fire, requiring reliable input paths leading 
to the actors. Similarly, for distributive actors, all paths 
starting at the output of the actors are required tor the 
successful completion of the function described by the dataflow 
graph. V7hreas in (communication) networks, only one path is 
necessary for reliable operation. 

A second difference arises due to the nondeter: .inistic nature 
of dataflow graphs introduced in this paper. Probabilities are 
associated with paths (section 2), and these probabilities cannot 
easily be incorporated into the networks obtained from dataflow 
graphs. For this reason, we introduce a different method of 
obtaining the reliability of a dataflow graph. 

3.1. RELIABILITY OF DATAFLOW GRAPHS 

Reliability of a dataflow graph can be defined as the 
probability of successful completion of a sequence of operations 
to be performed by the actors of the graph. Thus, it this sequence 
is identified as the path of a particle traversing the graph, then 
the reliability is the probability of occurrence of a successful 
path . 

The reliability of a dataflow graph can be determined in two 
stages. At the first stage, reliabilities of subgraphs (some of 
them can be single actors) are calculated. At the second stage the 
reliabilities of the subgraphs are combined appropriately based on 
the topological structure of the graph. If multiple redundant 
paths are simultaneously used, the procedure of combining 
subgraph reliabilities becomes complicated. 




In v/hat follows we shall consider the successful conclusion of 
the operation as the event without any concern to the tin.e needed 
for the cperaticn. Incc rporation of the time element compounds the 
problem ana it will be considered in future research. 

Let A ( , A ^ , . .., A be the actors (some of them can be 

subgraphs) of a dataflow graph and let R, , be their 

reliabilities. Unless otherwise stated we will assume that the 
performance of an actor (cr subgraph) is independent of the 

outcome of any other actor. 

Keeping with the analogy of a particle mentioned earlier, the 
movement of the particle from one node to another w'ill be called a 
transition. If the transitions among actors in a subgraph 
{A 4 , A L A^ J are hierarchical, say A ( — >A ^ — >... — >Ay, 

(or any other arrangement) , then the reliability of the subgraph 
is obtained as the product "F R i . But if the transitions are 
Markovian with the probability of transition A; — > Aj being p,. , 
then the reliability of the subgraph can be calculated using 
Markov chain methods. 

For instance, consider a Markov chain with two states 1 and 2 
(the corresponding subgraph contains two actors). Let the 
transitions among the states be represented by the elements of the 
transition probability matrix 



where p.. is the probability of transition i — > j. For purposes 
J 

of reliability modeling we introduce states IF, 2F and 0 of which 


IF and 2F represent failure of actors 1 and 2, and 0 represents 
the successful completion of operation. Let f, and f z be the 
probaDili ties that actors 1 and 2 fail. Now we can consider an 
expanded Markov chain whose transition probability matrix is given 
by 




which can be partitioned as shown. If a particle starts out from 
state 1 or 2, it is well known [BHAT 84, Chap 4] that the first 
passage probabilities of the particle into states IF or 2F (these 
are the unreliabilities) in n transitions are given by the 

* 0-1 7 

elements of the second and third columns of the matrix Q • $. The 

ccr responding probabilities for reliable operation without regard 

-I 

to time are given by the elements of the first column of (I-Q) # $. 

At this point we may note the similarity between dataflow 
graphs and Petri nets. Stochastic Petri nets ([COOL 83], [GEIS 
33], l MOLL 81], [MOLL 82], [SIFA 80], [ZUBE 80]) have been used 
for performance and reliability analyses of concurrent and 


asynchronous computer systems. Typically, the markings are mapped 
into a Markov state space ([MOLL 81], [MOLL 82]). The markings in 


a dataflow graph can also be Dapped similarly into a Markov state 
space for the purpose of studying the reliability of the dataflow 
graph. When dataflow graphs contain strong subgraphs it is 
convenient to obtain the reliabilities of the subgraphs so that 
the subgraphs can be replaced by single actors (thus producing a 
reduced graph) . The corresponding markov process can be arranged 
in a canonical form such that the recurrent equivalent classes can 
be easily identified. Kavi ([KAVI 79] [BHAT 84, chap 4]) has 
collected algorithms useful for this purpose. Appendix contains a 
brief description of these methods. 

However, eventhough this method is applicable in the general 
case, many times it . unnecessarily complicates the problem. For a 
large dataflow graph with m links (the number of links is greater 

•n* 

than the number of actors) , the Markov chain contains as many as 2- 
states. So, Markov chain method should be used only to small 
subgraphs and the reliabilities of subgraphs should be combineed 
using the technique discussed below. 

In the second stage of combining subgraph (or actor) 
reliabilities to get the reliability of the complete graph we may 
develop certain rules based on the type of firing rules discussed 
in section 2. 

In addition to the reliabilities Ri , R ^ , ..., R>, ,also 

define C (j (i,j =1, 2, ..., n) as the reliability of the link 

connecting actor A to actor Aj (which can also be considered as 
the reliability of the communication channel) . Let Rjj be the 
reliability of the path A* — > Aj , including the reliability of 
A^ , but excluding the reliability of Aj . For the four distinct 


types of firings defined in section 2 (collective actors are not 
considered here), we have the expresssion shown in Fig. 3. 

While using these expressions to determine the reliability of 
a path, the following observations should be noted. 

a) . Conjunctive and distributive actors are indicative of parallel 
paths all of which are used. When the paths are independent of 
each other, the reliability of the graph (or subgraph) consisting 
of parallel paths is obtained as the product of reliabilities of 
individual paths. 

b) . Disjunctive and selective actors result in more than one path, 
only one of which is used. The reliability of the graph (or 
subgraph) with such paths is obtained by combining the 
reliabilities of individual paths using the probabilities of paths 
as weights. 

c) . When the paths are not independent, the dependent structure 
determines how the reliabilities of individual actors (or 
subgraphs) are combined to get the reliability of the qraph. 

d) . When multiple redundant paths are simultaneously used, the 
reliability is obtained using the inclusion- exclusion formula of 
probability theory [FELL 68, pp 99-109], 

An algorithm to determine the reliability of a graph can be 
described as follows. 


Algorithm A1 

Stepl : Identify subgraphs (see Appendix) 

Step2 : Obtain reliabilities of subgraphs using either Markov 
chains (Appendix) , or using this algorithm recursively. 
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Fifj. 3. Reliability Expressions for Dataflow Actors 














Step3 : Replace strong subgraphs by single actors producing a 
reduced graph. 

Step4: Identity distinct paths (say using depth-tirst search) 
Step5: Combine actor (subgraph) reliabilities using firing types 
to determine the reliability tor each path. 

Step6 : Combine path reliabilities to give the reliability of the 
entire graph. 

Given below are two examples; one a dataflow graph of a simple 
computer system (Fig. 4) and the second a dataflow graph 
representing triple modular redundancy (Fig. 5) . In the first 
example, actors perform independently ot each other, whereas in 
the second example there exists such a dependency among the 
paths. 

Eexample 1; Dataflow Model of a Simple Computer System. Baer [BAER 
80, p 71] gave a Petri net model representing the control flow in 
the execution of an instruction in a single accumulator arithmetic 
and logic unit. Fig. 4 shows a dataflow equivalent ot the Petri 
net given by Baer. The actors are intentionally named by the 
events in order to facilitate interpretation. In order to simplify 
the notations we use a's and l's to represent the actors and links 
as well as their reliabilities. 

The three distinct paths in the graph are identified below. 



M, \ 


















The probabilities p> , indicate the frequency of 

Conditional, Store and Arithmetic instructions (in a typical 

program) while p , p_ are the probabilities that a condition 

4 5 

will or will not be satisfied. 


The reliabilities of various groups of nodes in subpath P ( are 
given below. 

R l = a >5 !»-i 


Rj. ~ a< » a.o 

r 3 = ^15 a l} ^<9 

R 4 = ^l(, a i^. ^2.0 a it 

in 

Let F be reliability of subpath P, . Then 
R 0) = 1 4 a ff R, Rj (p^ Rj + P s 



OWGK* iL P 

OR POOfi QUALITV 


(*) Q) 

Let R and R be the reliabilities of subpaths and Pj 

determined in a similar manner. Then the system reliability is 

0) cu w 

R = a , 1, a A 3j 1 & a 4 (e> R + p t R + P i R ) 

Example 2: Dataflow Graph of Triple Modular Redundancy. The most 

common design to enhance the reliability of a system is to use 

redundancy so that faults can be masked. In a triple modular 

redundancy (TMR) , the circuit is triplicated and the voter performs 

the majority function. Fig. 5 shows the dataflow graph of TMR. U, , 

U^, and are the triplicated units. The function of the voter is 

shown in detail where N, will produce a token on W (working) 

output when all the three units are functioning and a token on F 

(failed) output otherwise. , Nj , N^. work* similary testing if 

two units are functioning correctly. Dependency among N, , N A , 

Nj , should be noted. Because of this dependency, the 

reliability of paths will have to be considered using a conditional 

probability argument. Assuming that voter actors (N, , N L , N*,, N 4 ) 

do not fail, and using , Uj to represent the events that the 

. c c C 

units are working and U, , , Uj to represent failures, we have 

B - PGvv^) + 

Kind 1 1 

+ pjytuj G’A 0 *'] 

-v e[ u ;u^ * 

But , < — ■ 

A = pL 0|JiUj ] 
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simplifying the other 

PGwO ■+ PC°» 0 a. 0 i) 


two terms we get 

t PG\v£ 0^ PWojO^ 


If each of the units has a reliability of R and they are 
independent of each other, the reliability of TMR is 

- R? + 


Let V be reliability of each of the actors in the voter, then 

R 1n « - ve 1 + 

When the fault model includes repair or fault coverage, Markov 
chain techniques would be applicable [GEIS 83] . 


4. SUMMARY AND CONCLUSIONS 


Much of the research in dataflow processing ignores the need 
tor the formalism of the dataflow model itself. In our research we 
have developed a formal definition of dataflow graphs. 
Uninterpreted dataflow graphs can be used to model computer 
systems including parallel processors and data driven system; the 
reliability of the modeled computer can be studied by analyzing 
the dataflow graph. We have introduced stochastic properties with 
dataflow actors. The reliability of dataflow graphs are analyzed 
using both Markov and path enumeration techniques. Wt have 
outlined how a large dataflow graph can be condensed using graph 
clustering methods. These clusters can be analyzed separately and 
the results can be combined to obtain overall system reliability. 

The time needed for an actor to complete its operation is not 
included in our analyses of dataflow graphs. Incorporation of the 
time element compounds the problem and it will be studied in 


future research. 
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APPENDIX: REDUCTION OF DATAFLOW GRPAHS 


In this appendix we outline how large dataflow graphs can be 
reduced to graphs of manageable size. The reduction involves, 

. The identification of subgraphs 

. The analysis of subgraphs using either Markov chain 
techniques, or using algorithm A1 . 

. The replacement of subgraphs by single actors. 

The process of identifying subgraphs is similar to clustering 
of graphs. A cluster is a maximal collection of suitably similar 
objects drawn from a larger collection of objects [MATU 83]. If 
the dataflow graph contains . strongly connected components, then 
cliques can be identified using depth-first search ( [TARJ 72], 
[REIN 77]) or reachability sets [CHRI 75], A survey of such 
algorithms can be found in [KAVI 79] . Clustering of non-clique 
subgraphs is usually based on hueristics. In [PERK 83], an 
algorithm is presented for clustering related nodc.b based on 
weight and cost. The weight of a cluster is defined 3s the ratio 
of the number of arcs between the nodes in the cluster to the 
total number of arcs connected to the nodes in the cluster. The 
cost of a cluster is given by the number of arcs connecting the 
nodes inside the cluster with the nodes outside the cluster. The 
algorithm finds maximal subgraphs by growing the clusters until a 
maximum weight and minimum cost cluster is found. For finding 
clusters (or subgraphs) in dataflow graphs, the following rules 
can be used. 


1. Maximize the weight ot clusters. 

2. Minimize the cost ot clusters. 

3. If a conjunctive actor is included in the cluster, the 
actors feeding the input links of the conjunctive actor 
must be included in the cluster. 

4. If a distributive actor is included, all the actors fed by 
the output links from the distributive actor must be 
included in the cluster. 

For the purpose of obtaining a canonical representation, 
hierarchical relationship among the subgraphs (or actors) can be 
defined as follows. 

1. All actors (or subgraphs) with an outdegree of zero are at 
level zero in the hierarchy (highest) . That is, 

H(x’) = 0 if f(x-) = 0 

where T (x- ) is the set of actors (or subgraphs) that are 
adjacent to x^ and H(x,; ) is the hierarchical level of 
actor x* . 

2. For an actor with an outdegree greater than zero, the 

level is given by / 

E wMa f HCO 
Xj^TM V 

The second rule implies that actor x^ (or subgraph) is at a lower 
level than an actor xj if an arc (x* , xj ) exists. The ievel of an 
actor (or subgraph) is in fact the negative of the longest path to 
the actor from an actor at level 0. Dijkstra's ( [DIJK 59], [CKRI 


( 



75]) shortest path algorithm can be modified to obtain longest 
paths by assigning a cost of -1 to arcs. 

Example: The dataflow graph in Fig. 4 is used to illustrate the 
reduction approach. Fig. 6 shows three clusters that can be 
identified based on the hueristics described above. Each cluster 
can be analyzed using Markov chains. Fig. 7 lists the Markings 
(hence states) for the three clusters. The state transition 
matrices appear in Fig. 8. The reliability of each cluster can be 
obtained by using well established techniques [BHAT 84, Chap. 4] 
(Fig. 9 ) . These three clusters can now be replaced by single 
actors as shown in Fig. 10. 

Although the clusters identified in this example are simple 
(and the calculation of reliabilities by ennumerating paths is 
simpler than the Markov chain technique) , we would like to note 
that in a more complex dataflow graph the graph reduction would 
lead to computational simplicity. A more complex example would be 
difficult to present here due to space limitation and the clarity 


desired. 
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